Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-44487 (GCVE-0-2023-44487)
Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
VLAI
EPSS
CISA KEV
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity
7.5 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
173 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| ietf | http |
Affected:
2.0
cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < V3.0
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 6386c9c4-033b-4ac4-b69d-cdc0288bae9a
Exploited: Yes
Timestamps
First Seen: 2023-10-10
Asserted: 2023-10-10
Scope
Notes: KEV entry: HTTP/2 Rapid Reset Attack Vulnerability | Affected: IETF / HTTP/2 | Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-400 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | HTTP/2 |
| Due Date | 2023-10-31 |
| Date Added | 2023-10-10 |
| Vendorproject | IETF |
| Vulnerabilityname | HTTP/2 Rapid Reset Attack Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 13:24 UTC
| Updated: 2026-02-06 07:53 UTC
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-44487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:34:21.334116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:35.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000Z",
"value": "CVE-2023-44487 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:27.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"tags": [
"x_transferred"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"tags": [
"x_transferred"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"tags": [
"x_transferred"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"tags": [
"x_transferred"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"tags": [
"x_transferred"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:52:23.784Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T20:05:34.376Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"url": "https://github.com/golang/go/issues/63417"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"url": "https://github.com/line/armeria/pull/5232"
},
{
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44487",
"datePublished": "2023-10-10T00:00:00.000Z",
"dateReserved": "2023-09-29T00:00:00.000Z",
"dateUpdated": "2026-05-12T10:52:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-44487",
"cwes": "[\"CWE-400\"]",
"dateAdded": "2023-10-10",
"dueDate": "2023-10-31",
"knownRansomwareCampaignUse": "Unknown",
"notes": "This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"product": "HTTP/2",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).",
"vendorProject": "IETF",
"vulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability"
},
"epss": {
"cve": "CVE-2023-44487",
"date": "2026-06-07",
"epss": "0.94395",
"percentile": "0.99975"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-44487\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-10-10T14:15:10.883\",\"lastModified\":\"2026-05-12T15:10:32.260\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"},{\"lang\":\"es\",\"value\":\"El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-10-10\",\"cisaActionDue\":\"2023-10-31\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"HTTP/2 Rapid Reset Attack Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"2A7548B8-3DF7-46D9-8A4F-87C38969D900\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1EE93D-BAD2-4B86-910C-8784FCC9F398\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0\",\"matchCriteriaId\":\"C89891C1-DFD7-4E1F-80A9-7485D86A15B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4664B195-AF14-4834-82B3-0B2C98020EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"75BC588E-CDF0-404E-AD61-02093A1DF343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A334F7B4-7283-4453-BAED-D2E01B7F8A6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BEA71C-CA81-4B5D-A688-2B21E62DC351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B405F22-5517-49F5-A7CA-1E50D58DFC75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"AE06B8AF-B36C-4743-A056-30712163F75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:st7_scadaconnect:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1\",\"matchCriteriaId\":\"BCBD17AE-C1AE-4ECF-A991-0FFBDD06D687\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FDCA69-9049-40B4-88AF-F476901022B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B89A6863-B602-4404-8D26-337FECABFFF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"99E36624-A573-47D9-B158-B18A8A822FBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F38253-92F5-4A3A-AA07-292F7542D8A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"19F1C257-0EE6-47DE-B4BE-169F801FFDD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F63E0A-126D-4A93-8159-45EB5E606F81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5200E35-222B-42E0-83E0-5B702684D992\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.57.0\",\"matchCriteriaId\":\"C3BDC297-F023-4E87-8518-B84CCF9DD6A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.100\",\"matchCriteriaId\":\"D12D5257-7ED2-400F-9EF7-40E0D3650C2B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B058776-B5B7-4079-B0AF-23F40926DCEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D565975-EFD9-467C-B6E3-1866A4EF17A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D487271-1B5E-4F16-B0CB-A7B8908935C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.53\",\"matchCriteriaId\":\"A4A6F189-6C43-462D-85C9-B0EBDA8A4683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.17\",\"matchCriteriaId\":\"C993C920-85C0-4181-A95E-5D965A670738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.17\",\"matchCriteriaId\":\"08E79A8E-E12C-498F-AF4F-1AAA7135661E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"F138D800-9A3B-4C76-8A3C-4793083A1517\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.5\",\"matchCriteriaId\":\"6341DDDA-AD27-4087-9D59-0A212F0037B4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"328120E4-C031-44B4-9BE5-03B0CDAA066F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"801F25DA-F38C-4452-8E90-235A3B1A5FF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D93F04AD-DF14-48AB-9F13-8B2E491CF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7522C760-7E07-406F-BF50-5656D5723C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"3A7F605E-EB10-40FB-98D6-7E3A95E310BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"783E62F2-F867-48F1-B123-D1227C970674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"6603ED6A-3366-4572-AFCD-B3D4B1EC7606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"88978E38-81D3-4EFE-8525-A300B101FA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"0510296F-92D7-4388-AE3A-0D9799C2FC4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7698D6C-B1F7-43C1-BBA6-88E956356B3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"05E452AA-A520-4CBE-8767-147772B69194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"596FC5D5-7329-4E39-841E-CAE937C02219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"B3C7A168-F370-441E-8790-73014BCEC39F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"CF16FD01-7704-40AB-ACB2-80A883804D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1769D69A-CB59-46B1-89B3-FB97DC6DEB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"9167FEC1-2C37-4946-9657-B4E69301FB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7B4B3442-E0C0-48CD-87AD-060E15C9801E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8FA85EC1-D91A-49DD-949B-2AF7AC813CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"20662BB0-4C3D-4CF0-B068-3555C65DD06C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59203EBF-C52A-45A1-B8DF-00E17E3EFB51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"7EC2324D-EC8B-41DF-88A7-819E53AAD0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"9B88F9D1-B54B-40C7-A18A-26C4A071D7EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"C8F39403-C259-4D6F-9E9A-53671017EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"220F2D38-FA82-45EF-B957-7678C9FEDBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C698C1C-A3DD-46E2-B05A-12F2604E7F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"922AA845-530A-4B4B-9976-4CBC30C8A324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F938EB43-8373-47EB-B269-C6DF058A9244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"1771493E-ACAA-477F-8AB4-25DB12F6AD6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87670A74-34FE-45DF-A725-25B804C845B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"C7E422F6-C4C2-43AC-B137-0997B5739030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"CC3F710F-DBCB-4976-9719-CF063DA22377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"88EDFCD9-775C-48FA-9CDA-2B04DA8D0612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67DB21AE-DF53-442D-B492-C4ED9A20B105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"4C9FCBCB-9CE0-49E7-85C8-69E71D211912\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"112DFA85-90AD-478D-BD70-8C7C0C074F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"DB704A1C-D8B7-48BB-A15A-C14DB591FE4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"21D51D9F-2840-4DEA-A007-D20111A1745C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC1D037-74D2-4F92-89AD-C90F6CBF440B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"CAEF3EA4-7D5A-4B44-9CE3-258AEC745866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"2FBCE2D1-9D93-415D-AB2C-2060307C305A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8070B469-8CC4-4D2F-97D7-12D0ABB963C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"A326597E-725D-45DE-BEF7-2ED92137B253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B235A78-649B-46C5-B24B-AB485A884654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"08B25AAB-A98C-4F89-9131-29E3A8C0ED23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"98D2CE1E-DED0-470A-AA78-C78EF769C38E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"C966FABA-7199-4F0D-AB8C-4590FE9D2FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D00768-E71B-4FF7-A7BF-F2C8CFBC900D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"BC36311E-BB00-4750-85C8-51F5A2604F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"A65D357E-4B40-42EC-9AAA-2B6CEF78C401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABBD10E8-6054-408F-9687-B9BF6375CA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E6018B01-048C-43BB-A78D-66910ED60CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"3A6A5686-5A8B-45D5-9165-BC99D2CCAC47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"5D2A121F-5BD2-4263-8ED3-1DDE25B5C306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83794B04-87E2-4CA9-81F5-BB820D0F5395\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D9EC2237-117F-43BD-ADEC-516CF72E04EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F70D4B6F-65CF-48F4-9A07-072DFBCE53D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"29563719-1AF2-4BB8-8CCA-A0869F87795D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D24815DD-579A-46D1-B9F2-3BB2C56BC54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6E7035-3299-474F-8F67-945EA9A059D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"0360F76D-E75E-4B05-A294-B47012323ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7A4607BF-41AC-4E84-A110-74E085FF0445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"441CC945-7CA3-49C0-AE10-94725301E31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"46BA8E8A-6ED5-4FB2-8BBC-586AA031085A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969C4F14-F6D6-46D6-B348-FC1463877680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.8.2\",\"matchCriteriaId\":\"41AD5040-1250-45F5-AB63-63F333D49BCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8257AA59-C14D-4EC1-B22C-DFBB92CBC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"37DB32BB-F4BA-4FB5-94B1-55C3F06749CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"FFF5007E-761C-4697-8D34-C064DF0ABE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"910441D3-90EF-4375-B007-D51120A60AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667EB77B-DA13-4BA4-9371-EE3F3A109F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8A6F9699-A485-4614-8F38-5A556D31617E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"5A90F547-97A2-41EC-9FDF-25F869F0FA38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"E76E1B82-F1DC-4366-B388-DBDF16C586A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"660137F4-15A1-42D1-BBAC-99A1D5BB398B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C446827A-1F71-4FAD-9422-580642D26AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"1932D32D-0E4B-4BBD-816F-6D47AB2E2F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"D47B7691-A95B-45C0-BAB4-27E047F3C379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"2CD1637D-0E42-4928-867A-BA0FDB6E8462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"3A599F90-F66B-4DF0-AD7D-D234F328BD59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1B2000-C3FE-4B4C-885A-A5076EB164E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"57D92D05-C67D-437E-88F3-DCC3F6B0ED2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"ECCB8C30-861E-4E48-A5F5-30EE523C1FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB23AE6-245E-43D6-B832-933F8259F937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.5\",\"versionEndIncluding\":\"1.25.2\",\"matchCriteriaId\":\"1188B4A9-2684-413C-83D1-E91C75AE0FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.2\",\"matchCriteriaId\":\"3337609D-5291-4A52-BC6A-6A8D4E60EB20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.3.0\",\"matchCriteriaId\":\"6CF0ABD9-EB28-4966-8C31-EED7AFBF1527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r25\",\"versionEndExcluding\":\"r29\",\"matchCriteriaId\":\"F291CB34-47A4-425A-A200-087CC295AEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5892B558-EC3A-43FF-A1D5-B2D9F70796F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BF2B19-52C7-4051-BA58-CAE6F912B72F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.93\",\"matchCriteriaId\":\"ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.80\",\"matchCriteriaId\":\"F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.1.13\",\"matchCriteriaId\":\"0765CC3D-AB1A-4147-8900-EF4C105321F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio_http\\\\/2:*:*:*:*:*:swift:*:*\",\"versionEndExcluding\":\"1.28.0\",\"matchCriteriaId\":\"08190072-3880-4EF5-B642-BA053090D95B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.56.3\",\"matchCriteriaId\":\"5F4CDEA9-CB47-4881-B096-DA896E2364F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionEndIncluding\":\"1.59.2\",\"matchCriteriaId\":\"E65AF7BC-7DAE-408A-8485-FBED22815F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.58.0\",\"versionEndExcluding\":\"1.58.3\",\"matchCriteriaId\":\"DD868DDF-C889-4F36-B5E6-68B6D9EA48CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*\",\"matchCriteriaId\":\"FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"4496821E-BD55-4F31-AD9C-A3D66CBBD6BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"8DF7ECF6-178D-433C-AA21-BAE9EF248F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"1C3418F4-B8BF-4666-BB39-C188AB01F45C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-08\",\"matchCriteriaId\":\"3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.2.20\",\"matchCriteriaId\":\"16A8F269-E07E-402F-BFD5-60F3988A5EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4\",\"versionEndExcluding\":\"17.4.12\",\"matchCriteriaId\":\"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6\",\"versionEndExcluding\":\"17.6.8\",\"matchCriteriaId\":\"DA5834D4-F52F-41C0-AA11-C974FFEEA063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndExcluding\":\"17.7.5\",\"matchCriteriaId\":\"2166106F-ACD6-4C7B-B0CC-977B83CC5F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"4CD49C41-6D90-47D3-AB4F-4A74169D3A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4974\",\"matchCriteriaId\":\"E500D59C-6597-45E9-A57B-BE26C0C231D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.3570\",\"matchCriteriaId\":\"C9F9A643-90C6-489C-98A0-D2739CE72F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.3570\",\"matchCriteriaId\":\"1814619C-ED07-49E0-A50A-E28D824D43BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.2538\",\"matchCriteriaId\":\"100A27D3-87B0-4E72-83F6-7605E3F35E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.2428\",\"matchCriteriaId\":\"C6A36795-0238-45C9-ABE6-3DCCF751915B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.18.2\",\"matchCriteriaId\":\"94BAB9EB-1527-4D9A-BADE-0708579536CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.0.0\",\"versionEndExcluding\":\"20.8.1\",\"matchCriteriaId\":\"69843DE4-4721-4F0A-A9B7-0F6DF5AAA388\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"B25279EF-C406-4133-99ED-0492703E0A4E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.10.16.00\",\"matchCriteriaId\":\"9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"EDEB508E-0EBD-4450-9074-983DDF568AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.9\",\"matchCriteriaId\":\"93A1A748-6C71-4191-8A16-A93E94E2CDE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.3\",\"matchCriteriaId\":\"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.0\",\"matchCriteriaId\":\"6F70360D-6214-46BA-AF82-6AB01E13E4E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.2\",\"matchCriteriaId\":\"E2DA759E-1AF8-49D3-A3FC-1B426C13CA82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.6\",\"matchCriteriaId\":\"28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.3\",\"matchCriteriaId\":\"F0C8E760-C8D2-483A-BBD4-6A6D292A3874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.1\",\"matchCriteriaId\":\"5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"050AE218-3871-44D6-94DA-12D84C2093CB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.5\",\"matchCriteriaId\":\"B36BFFB0-C0EC-4926-A1DB-0B711C846A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"376EAF9B-E994-4268-9704-0A45EA30270F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D08335-C291-4623-B80C-3B14C4D1FA32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21033CEE-CEF5-4B0D-A565-4A6FC764AA6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"FC4C66B1-42C0-495D-AE63-2889DE0BED84\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndIncluding\":\"2.12.5\",\"matchCriteriaId\":\"8633E263-F066-4DD8-A734-90207207A873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"34A23BD9-A0F4-4D85-8011-EAC93C29B4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"27ED3533-A795-422F-B923-68BE071DC00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"45F7E352-3208-4188-A5B1-906E00DF9896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"DF89A8AD-66FE-439A-B732-CAAB304D765B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.26.0\",\"matchCriteriaId\":\"A400C637-AF18-4BEE-B57C-145261B65DEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"653A5B08-0D02-4362-A8B1-D00B24C6C6F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D54F5AE-61EC-4434-9D5F-9394A3979894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E37E1B3-6F68-4502-85D6-68333643BDFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F13B03-69BF-4A8B-A0A0-7F47FD857461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9393119E-F018-463F-9548-60436F104195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC45EE1E-2365-42D4-9D55-92FA24E5ED3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E567CD9F-5A43-4D25-B911-B5D0440698F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68146098-58F8-417E-B165-5182527117C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB4D6790-63E5-4043-B8BE-B489D649061D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78698F40-0777-4990-822D-02E1B5D0E2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B87C8AD3-8878-4546-86C2-BF411876648C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58966CB-36AF-4E64-AB39-BE3A0753E155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585BC540-073B-425B-B664-5EA4C00AFED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A305F012-544E-4245-9D69-1C8CD37748B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF93A27E-AA2B-4C2E-9B8D-FE7267847326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B12A3A8-6456-481A-A0C9-524543FCC149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E22EBF9-AA0D-4712-9D69-DD97679CE835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"941B114C-FBD7-42FF-B1D8-4EA30E99102C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"339CFB34-A795-49F9-BF6D-A00F3A1A4F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D044DBE-6F5A-4C53-828E-7B1A570CACFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*\",\"matchCriteriaId\":\"65203CA1-5225-4E55-A187-6454C091F532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA9B2E2-958B-478D-87D6-E5CDDCD44315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF390236-3259-4C8F-891C-62ACC4386CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B129311C-EB4B-4041-B85C-44D5E53FCAA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AB54DB-3FB4-41CB-88ED-1400FD22AB85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1987BDA-0113-4603-B9BE-76647EB043F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848C92A9-0677-442B-8D52-A448F2019903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F564701-EDC1-43CF-BB9F-287D6992C6CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B0CF2B-D1E1-4E20-846E-6F0D873499A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8885C2C-7FB8-40CA-BCB9-B48C50BF2499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A903C3AD-2D25-45B5-BF4A-A5BEB2286627\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC5EBD2A-32A3-46D5-B155-B44DCB7F6902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5.3\",\"matchCriteriaId\":\"C2792650-851F-4820-B003-06A4BEA092D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"9F6B63B9-F4C9-4A3F-9310-E0918E1070D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndIncluding\":\"2.414.2\",\"matchCriteriaId\":\"E6FF5F80-A991-43D4-B49F-D843E2BC5798\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"2.427\",\"matchCriteriaId\":\"54D25DA9-12D0-4F14-83E6-C69D0293AAB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.0\",\"matchCriteriaId\":\"8E1AFFB9-C717-4727-B0C9-5A0C281710E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.21.4.3\",\"matchCriteriaId\":\"25C85001-E0AB-4B01-8EE7-1D9C77CD956E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.003.009\",\"matchCriteriaId\":\"FB2BDBAC-8D19-4F81-8D31-6D0955A53D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"F98F9D27-6659-413F-8F29-4FDB0882AAC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"C98BF315-C563-47C2-BAD1-63347A3D1008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"3F30E209-FA52-4D3B-9B88-4193EA388554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_situation_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3178F3A5-A072-44E1-A225-B04BC536F4FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"AA2BE0F1-DD16-4876-8EBA-F187BD38B159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796B6C58-2140-4105-A2A1-69865A194A75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA99DC6-EA03-469F-A8BE-7F96FDF0B333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"6560DBF4-AFE6-4672-95DE-74A0B8F4170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.2\",\"matchCriteriaId\":\"84785919-796D-41E5-B652-6B5765C81D4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.11.0\",\"matchCriteriaId\":\"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.1\",\"matchCriteriaId\":\"4FE2F959-1084-48D1-B1F1-8182FC9862DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.10.4\",\"matchCriteriaId\":\"5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2\",\"matchCriteriaId\":\"1BB6B48E-EA36-40A0-96D0-AF909BEC1147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"2CBED844-7F94-498C-836D-8593381A9657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.2\",\"matchCriteriaId\":\"C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"358FA1DC-63D3-49F6-AC07-9E277DD0D9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.01.0\",\"matchCriteriaId\":\"BFF2D182-7599-4B81-B56B-F44EDA1384C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4868BCCA-24DE-4F24-A8AF-B3A545C0396E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"BEC75F99-C7F0-47EB-9032-C9D3A42EBA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6638F4E-16F7-447D-B755-52640BCB1C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC34F742-530E-4AB4-8AFC-D1E088E256B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.6.2\",\"matchCriteriaId\":\"E22AD683-345B-4E16-BB9E-E9B1783E09AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.22\",\"matchCriteriaId\":\"2955BEE9-F567-4006-B96D-92E10FF84DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.15.1\",\"matchCriteriaId\":\"67502878-DB20-4410-ABA0-A1C5705064CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.11.2\",\"matchCriteriaId\":\"177DED2D-8089-4494-BDD9-7F84FC06CD5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.1.0\",\"matchCriteriaId\":\"54A29FD3-4128-4333-8445-A7DD04A6ECF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67074526-9933-46B3-9FE3-A0BE73C5E8A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528ED62B-D739-4E06-AC64-B506FD73BBAB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C10D85-88AC-4A79-8866-BED88A0F8DF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F4E8EE4-031D-47D3-A12E-EE5F792172EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14D4B4E-120E-4607-A4F1-447C7BF3052E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15702ACB-29F3-412D-8805-E107E0729E35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E930332-CDDD-48D5-93BC-C22D693BBFA2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B34855-D8D2-4114-80D2-A4D159C62458\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4226DA0-9371-401C-8247-E6E636A116C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DBBFE9-835C-4411-8492-6006E74BAC65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3293438-3D18-45A2-B093-2C3F65783336\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x\\\\/3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E142C18F-9FB5-4D96-866A-141D7D16CAF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7817F4E6-B2DA-4F06-95A4-AF329F594C02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED628B5-97A8-4B26-AA40-BEC854982157\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9DD73-E31D-4921-A6D6-E14E04703588\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq\\\\/pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EFC116A-627F-4E05-B631-651D161217C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4532F513-0543-4960-9877-01F23CA7BA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B43502B-FD53-465A-B60F-6A359C6ACD99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3229124-B097-4AAC-8ACD-2F9C89DCC3AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A532C0-B0E3-484A-B356-88970E7D0248\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C84D24C-2256-42AF-898A-221EBE9FE1E4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652A2849-668D-4156-88FB-C19844A59F33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D008CA1C-6F5A-40EA-BB12-A9D84D5AF700\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43913A0E-50D5-47DD-94D8-DD3391633619\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA52D5C1-13D8-4D23-B022-954CCEF491F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1073F-D374-4311-8F12-AD8C72FAA293\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF5AF71-15DF-4151-A1CF-E138A7103FC8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F80A72-AD54-4699-B8AE-82715F0B58E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E505C0B1-2119-4C6A-BF96-C282C633D169\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088C0323-683A-44F5-8D42-FF6EC85D080E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CB4002-7636-4382-B33E-FBA060A13C34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"915EF8F6-6039-4DD0-B875-30D911752B74\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97217080-455C-48E4-8CE1-6D5B9485864F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57572E4A-78D5-4D1A-938B-F05F01759612\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD9C1F1-8582-4F67-A77D-97CBFECB88B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24CA1A59-2681-4507-AC74-53BD481099B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4283E433-7F8C-4410-B565-471415445811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFB9FDE8-8533-4F65-BF32-4066D042B2F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80AB6FB-32FD-43D7-A9F1-80FA47696210\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA5389A-8AD1-476E-983A-54DF573C30F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1B1A8F1-45B1-4E64-A254-7191FA93CB6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83DA8BFA-D7A2-476C-A6F5-CAE610033BC2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"557ED31C-C26A-4FAE-8B14-D06B49F7F08B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11411BFD-3F4D-4309-AB35-A3629A360FB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB2FFD26-8255-4351-8594-29D2AEFC06EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E10975-B47E-4F4D-8096-AEC7B7733612\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40E40F42-632A-47DF-BE33-DC25B826310B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C64136-89C2-443C-AF7B-BED81D3DE25A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBEF7F26-BB47-44BD-872E-130820557C23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"182000E0-8204-4D8B-B7DE-B191AFE12E28\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC208BC-7E19-48C6-A20E-A79A51B7362C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"102F91CD-DFB6-43D4-AE5B-DA157A696230\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E952A96A-0F48-4357-B7DD-1127D8827650\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084D0191-563B-4FF0-B589-F35DA118E1C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DB6FC5-762A-4F16-AE8C-69330EFCF640\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70D81F1-8B12-4474-9060-B4934D8A3873\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5394DE31-3863-4CA9-B7B1-E5227183100D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968390BC-B430-4903-B614-13104BFAE635\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7349D69B-D8FA-4462-AA28-69DD18A652D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4BB834-2C00-4384-A78E-AF3BCDDC58AF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE49B45-F2E9-491D-9C29-1B46E9CE14E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFAD21E-59EE-4CCE-8F1E-621D2EA50905\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91231DC6-2773-4238-8C14-A346F213B5E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C3CE6D-BD54-48B1-A188-8E53DA001424\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"498991F7-39D6-428C-8C7D-DD8DC72A0346\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113772B6-E9D2-4094-9468-3F4E1A87D07D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B90D36-5124-4669-8462-4EAF35B0F53D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FC2B1F-232E-4754-8076-CC82F3648730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F1127D2-12C0-454F-91EF-5EE334070D06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6EB963-E0F2-4A02-8765-AB2064BE19E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"785FD17C-F32E-4042-9DDE-A89B3AAE0334\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAAF99B-5406-4722-81FB-A91CBAC2DF41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DC1E93-561E-490C-AE0E-B02BAB9A7C8E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF467E2-4567-426E-8F48-39669E0F514C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68EA1FEF-B6B6-49FE-A0A4-5387F76303F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D6DB7F-C025-4971-9615-73393ED61078\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4364ADB9-8162-451D-806A-B98924E6B2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53BCB42-ED61-4FCF-8068-CB467631C63C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"737C724A-B6CD-4FF7-96E0-EBBF645D660E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7067AEC7-DFC8-4437-9338-C5165D9A8F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E0371B-FDE2-473C-AA59-47E1269D050F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"489D11EC-5A18-4F32-BC7C-AC1FCEC27222\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D4CF15-B293-4403-A1A9-96AD3933BAEF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBCC1515-2DBE-4DF2-8E83-29A869170F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7282AAFF-ED18-4992-AC12-D953C35EC328\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA022E77-6557-4A33-9A3A-D028E2DB669A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360409CC-4172-4878-A76B-EA1C1F8C7A79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8D5D5E2-B40B-475D-9EF3-8441016E37E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F59A4B-AE92-4533-8EDC-D1DD850309FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492A2C86-DD38-466B-9965-77629A73814F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB7AA46-4018-4925-963E-719E1037F759\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B9D1E4-10B9-4B6F-B848-D93ABF6486D6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB270C45-756E-400A-979F-D07D750C881A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8A085C-2DBA-4269-AB01-B16019FBB4DA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79DD582-AF68-44F1-B640-766B46EF2BE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04484DA-AA59-4833-916E-6A8C96D34F0D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07B5399-44C7-468D-9D57-BB5B5E26CE50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76FB64F-16F0-4B0B-B304-B46258D434BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E02DC82-0D26-436F-BA64-73C958932B0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E128053-834B-4DD5-A517-D14B4FC2B56F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163743A1-09E7-4EC5-8ECA-79E4B9CE173B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE340E4C-DC48-4FC8-921B-EE304DB5AE0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C367BBE0-D71F-4CB5-B50E-72B033E73FE1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E1D224-4751-4233-A127-A041068C804A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD31B075-01B1-429E-83F4-B999356A0EB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3284D16F-3275-4F8D-8AE4-D413DE19C4FA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/grpc/grpc/releases/tag/v1.59.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/13/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/node/pull/50121\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/go/issues/63417\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/line/armeria/pull/5232\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openresty/openresty/issues/930\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/apisix/issues/10320\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/13/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:08:27.383Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44487\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T20:34:21.334116Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-10-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\"], \"vendor\": \"ietf\", \"product\": \"http\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-10T00:00:00.000Z\", \"value\": \"CVE-2023-44487 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T18:31:22.372Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\"}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\"}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\"}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\"}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\"}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\"}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\"}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\"}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\"}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\"}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\"}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\"}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\"}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\"}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\"}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\"}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\"}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\"}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\"}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\"}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\"}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\"}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/7\", \"name\": \"[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/6\", \"name\": \"[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\"}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\"}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\"}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\"}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\"}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\"}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\"}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\"}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\"}, {\"url\": \"https://github.com/nodejs/node/pull/50121\"}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\"}, {\"url\": \"https://github.com/golang/go/issues/63417\"}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\"}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\"}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\"}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\"}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\"}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\"}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\"}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\"}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\"}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\"}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\"}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\"}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\"}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\"}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\"}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\"}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\"}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\"}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\"}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\"}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\"}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\"}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\"}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\"}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\"}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\"}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\"}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\"}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\"}, {\"url\": \"https://github.com/line/armeria/pull/5232\"}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\"}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\"}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\"}, {\"url\": \"https://github.com/openresty/openresty/issues/930\"}, {\"url\": \"https://github.com/apache/apisix/issues/10320\"}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\"}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\"}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\"}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\"}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\"}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\"}, {\"url\": \"https://github.com/grpc/grpc/releases/tag/v1.59.2\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-06-07T20:05:34.376Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-44487\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\", \"dateReserved\": \"2023-09-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-10-10T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
ICSA-24-165-04
Vulnerability from csaf_cisa - Published: 2024-06-11 00:00 - Updated: 2024-06-11 00:00Summary
Siemens ST7 ScadaConnect
Notes
Summary: Siemens has released a new version for ST7 ScadaConnect and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
12 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens has released a new version for ST7 ScadaConnect and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-341067: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-341067.json"
},
{
"category": "self",
"summary": "SSA-341067: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"category": "self",
"summary": "SSA-341067: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-341067.pdf"
},
{
"category": "self",
"summary": "SSA-341067: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-341067.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-165-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-165-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-165-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens ST7 ScadaConnect",
"tracking": {
"current_release_date": "2024-06-11T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-165-04",
"initial_release_date": "2024-06-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-06-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.1",
"product": {
"name": "ST7 ScadaConnect (6NH7997-5DA10-0AA0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6NH7997-5DA10-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "ST7 ScadaConnect (6NH7997-5DA10-0AA0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40303",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2023-0464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-0464"
},
{
"cve": "CVE-2023-0465",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-0465"
},
{
"cve": "CVE-2023-0466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-0466"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-21808",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-21808"
},
{
"cve": "CVE-2023-24895",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-24895"
},
{
"cve": "CVE-2023-24897",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-24897"
},
{
"cve": "CVE-2023-24936",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-24936"
},
{
"cve": "CVE-2023-28260",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET DLL Hijacking Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-28260"
},
{
"cve": "CVE-2023-28484",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-29331",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-29331"
},
{
"cve": "CVE-2023-29469",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the \u0027\\0\u0027 value).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-32032",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32032"
},
{
"cve": "CVE-2023-33126",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-33126"
},
{
"cve": "CVE-2023-33127",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-33127"
},
{
"cve": "CVE-2023-33128",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-33128"
},
{
"cve": "CVE-2023-33135",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Elevation of Privilege Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-33135"
},
{
"cve": "CVE-2023-33170",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-33170"
},
{
"cve": "CVE-2023-35390",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-35390"
},
{
"cve": "CVE-2023-35391",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-35391"
},
{
"cve": "CVE-2023-36038",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ASP.NET Core Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36038"
},
{
"cve": "CVE-2023-36049",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36049"
},
{
"cve": "CVE-2023-36435",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Microsoft QUIC Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36435"
},
{
"cve": "CVE-2023-36558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ASP.NET Core - Security Feature Bypass Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36558"
},
{
"cve": "CVE-2023-36792",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36792"
},
{
"cve": "CVE-2023-36793",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36793"
},
{
"cve": "CVE-2023-36794",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36794"
},
{
"cve": "CVE-2023-36796",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36796"
},
{
"cve": "CVE-2023-36799",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET Core and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-36799"
},
{
"cve": "CVE-2023-38171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Microsoft QUIC Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-38171"
},
{
"cve": "CVE-2023-38178",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET Core and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-38178"
},
{
"cve": "CVE-2023-38180",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-38180"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955597/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-44487"
}
]
}
ICSA-24-228-06
Vulnerability from csaf_cisa - Published: 2024-08-13 00:00 - Updated: 2024-08-13 00:00Summary
Siemens SINEC NMS
Notes
Summary: SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json"
},
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-228-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-228-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-228-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINEC NMS",
"tracking": {
"current_release_date": "2024-08-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-228-06",
"initial_release_date": "2024-08-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SINEC NMS",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request\u0027s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker\u0027s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker\u0027s materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-41941"
}
]
}
ICSA-24-319-08
Vulnerability from csaf_cisa - Published: 2024-11-12 00:00 - Updated: 2024-11-12 00:00Summary
Siemens SINEC INS
Notes
Summary: SINEC INS before V1.0 SP2 Update 3 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC INS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC INS before V1.0 SP2 Update 3 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC INS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-915275.json"
},
{
"category": "self",
"summary": "SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-319-08 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-319-08.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-319-08 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SINEC INS",
"tracking": {
"current_release_date": "2024-11-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-319-08",
"initial_release_date": "2024-11-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0_SP2_Update_3",
"product": {
"name": "SINEC INS",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SINEC INS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2975",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-2975"
},
{
"cve": "CVE-2023-3341",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel\u0027s configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3341"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-3817",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-4236",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4236"
},
{
"cve": "CVE-2023-4408",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4408"
},
{
"cve": "CVE-2023-4807",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-4807"
},
{
"cve": "CVE-2023-5517",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect \u003cdomain\u003e;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5517"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5679",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5679"
},
{
"cve": "CVE-2023-5680",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-5680"
},
{
"cve": "CVE-2023-6129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The POLY1305 MAC (message authentication code) implementation\r\ncontains a bug that might corrupt the internal state of applications running\r\non PowerPC CPU based platforms if the CPU provides vector instructions.\r\n\r\nImpact summary: If an attacker can influence whether the POLY1305 MAC\r\nalgorithm is used, the application state might be corrupted with various\r\napplication dependent consequences.\r\n\r\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\r\nPowerPC CPUs restores the contents of vector registers in a different order\r\nthan they are saved. Thus the contents of some of these vector registers\r\nare corrupted when returning to the caller. The vulnerable code is used only\r\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\r\n\r\nThe consequences of this kind of internal application state corruption can\r\nbe various - from no consequences, if the calling application does not\r\ndepend on the contents of non-volatile XMM registers at all, to the worst\r\nconsequences, where the attacker could get complete control of the application\r\nprocess. However unless the compiler uses the vector registers for storing\r\npointers, the most likely consequence, if any, would be an incorrect result\r\nof some application dependent calculations or a crash leading to a denial of\r\nservice.\r\n\r\nThe POLY1305 MAC algorithm is most frequently used as part of the\r\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\r\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\r\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\r\nclient can influence whether this AEAD cipher is used. This implies that\r\nTLS server applications using OpenSSL can be potentially impacted. However\r\nwe are currently not aware of any concrete application that would be affected\r\nby this issue therefore we consider this a Low severity security issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2023-6237",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6237"
},
{
"cve": "CVE-2023-6516",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "summary",
"text": "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-6516"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2023-32002",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32002"
},
{
"cve": "CVE-2023-32003",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32003"
},
{
"cve": "CVE-2023-32004",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32004"
},
{
"cve": "CVE-2023-32005",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument.\n\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32005"
},
{
"cve": "CVE-2023-32006",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32006"
},
{
"cve": "CVE-2023-32558",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. \n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.x.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32558"
},
{
"cve": "CVE-2023-32559",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(\u0027spawn_sync\u0027)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-32559"
},
{
"cve": "CVE-2023-38552",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\r\nImpacts:\r\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\r\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-38552"
},
{
"cve": "CVE-2023-39331",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39331"
},
{
"cve": "CVE-2023-39332",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\r\n\r\nThis is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39332"
},
{
"cve": "CVE-2023-39333",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-39333"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45143",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45143"
},
{
"cve": "CVE-2023-46809",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "summary",
"text": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-46809"
},
{
"cve": "CVE-2023-47038",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-47038"
},
{
"cve": "CVE-2023-47039",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-47039"
},
{
"cve": "CVE-2023-47100",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-47100"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-50387",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-50387"
},
{
"cve": "CVE-2023-50868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-50868"
},
{
"cve": "CVE-2023-52389",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-52389"
},
{
"cve": "CVE-2024-0232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\r\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\r\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\r\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\r\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\r\ndereference that results in OpenSSL crashing. If an application processes PKCS12\r\nfiles from an untrusted source using the OpenSSL APIs then that application will\r\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\r\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\r\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\r\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\r\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-21890",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21890"
},
{
"cve": "CVE-2024-21891",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a remote attacker to bypass security restrictions, caused by improper path traversal sequence sanitization. By using a path traversal attack, an attacker could exploit this vulnerability leading to filesystem permission model bypass.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21891"
},
{
"cve": "CVE-2024-21892",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by a bug in the implementation of the exception of CAP_NET_BIND_SERVICE. An attacker could exploit this vulnerability to inject code that inherits the process\u0027s elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21892"
},
{
"cve": "CVE-2024-21896",
"cwe": {
"id": "CWE-27",
"name": "Path Traversal: \u0027dir/../../filename\u0027"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a remote attacker to traverse directories on the system. By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, an attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to read arbitrary files on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-21896"
},
{
"cve": "CVE-2024-22017",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-22017"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22025",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Node.js is vulnerable to a denial of service, caused by a resource exhaustion vulnerability in fetch() brotli decoding . By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-22025"
},
{
"cve": "CVE-2024-24758",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-24758"
},
{
"cve": "CVE-2024-24806",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "summary",
"text": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-24806"
},
{
"cve": "CVE-2024-27980",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the improper handling of batch files in child_process.spawn / child_process.spawnSync. By sending a specially crafted command line argument using args parameter, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-27980"
},
{
"cve": "CVE-2024-27982",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in the http server, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-27982"
},
{
"cve": "CVE-2024-27983",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Node.js is vulnerable to a denial of service, caused by an assertion failure in `node::http2::Http2Session::~Http2Session()`. By sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside, an attacker could exploit this vulnerability to cause the HTTP/2 server to crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-27983"
},
{
"cve": "CVE-2024-46888",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46888"
},
{
"cve": "CVE-2024-46889",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46889"
},
{
"cve": "CVE-2024-46890",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46890"
},
{
"cve": "CVE-2024-46891",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system\u0027s resources and create a denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46891"
},
{
"cve": "CVE-2024-46892",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46892"
},
{
"cve": "CVE-2024-46894",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate authorization of a user to query the \"/api/sftp/users\" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 3 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109975745/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-46894"
}
]
}
ICSA-25-162-05
Vulnerability from csaf_cisa - Published: 2025-06-10 00:00 - Updated: 2026-05-14 06:00Summary
Siemens SIMATIC S7-1500 CPU family
Notes
Summary: Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).
Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-082556 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Germany
7.0 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
9.8 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
8.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-73
- External Control of File Name or Path
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
8.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
8.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.0 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-150
- Improper Neutralization of Escape, Meta, or Control Sequences
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.6 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.0 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.0 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.2 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.4 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
9.8 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.3 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.3 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-401
- Missing Release of Memory after Effective Lifetime
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-252
- Unchecked Return Value
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-125
- Out-of-bounds Read
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.3 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
4.7 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.0 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
6.6 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
CWE-407
- Inefficient Algorithmic Complexity
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
|
6ES7518-4AX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
|
6ES7518-4AX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
|
6ES7518-4FX00-1AB0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
|
6ES7518-4FX00-1AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
|
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
|
6AG1518-4AX00-4AC0
|
vers:intdot/>=3.1.5 |
Mitigation
Mitigation
None Available
|
References
247 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reported these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).\n\nSiemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-082556 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-082556.json"
},
{
"category": "self",
"summary": "SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-162-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-162-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-162-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens SIMATIC S7-1500 CPU family",
"tracking": {
"current_release_date": "2026-05-14T06:00:00.000000Z",
"generator": {
"date": "2026-05-13T15:52:08.130074Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-25-162-05",
"initial_release_date": "2025-06-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-06-10T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-12T00:00:00.000000Z",
"legacy_version": "Additional Release 1",
"number": "2",
"summary": "Added CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990"
},
{
"date": "2026-01-13T00:00:00.000000Z",
"legacy_version": "Additional Release 2",
"number": "3",
"summary": "Added CVE-2025-66382, CVE-2025-39929, CVE-2025-39931, CVE-2025-39977, CVE-2025-40022, CVE-2025-11082, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-9230, CVE-2025-9232, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546, CVE-2025-8224, CVE-2025-7425, CVE-2025-59375"
},
{
"date": "2026-01-14T22:00:07.322959Z",
"legacy_version": "Additional Release 3",
"number": "4",
"summary": "CISA Republication - Initial Republication of Siemens ProductCERT SSA-082556 advisory"
},
{
"date": "2026-02-10T00:00:00.000000Z",
"legacy_version": "Additional Release 4",
"number": "5",
"summary": "Added 22 CVEs"
},
{
"date": "2026-02-12T07:00:00.000000Z",
"legacy_version": "Additional Release 5",
"number": "6",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-082556 advisory"
},
{
"date": "2026-03-10T00:00:00.000000Z",
"legacy_version": "Additional Release 6",
"number": "7",
"summary": "Added 36 CVEs"
},
{
"date": "2026-03-12T06:00:00.000000Z",
"legacy_version": "Additional Release 7",
"number": "8",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-082556 advisory"
},
{
"date": "2026-05-12T00:00:00.000000Z",
"legacy_version": "Additional Release 8",
"number": "9",
"summary": "Added CVE-2026-31431"
},
{
"date": "2026-05-14T06:00:00.000000Z",
"legacy_version": "Latest Updated CISA Republication",
"number": "10",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-082556 advisory"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.5",
"product": {
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6AG1518-4AX00-4AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41617",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2021-41617"
},
{
"cve": "CVE-2023-4527",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-4527"
},
{
"cve": "CVE-2023-4806",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-4806"
},
{
"cve": "CVE-2023-4911",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-4911"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-684",
"name": "Incorrect Provision of Specified Functionality"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/684.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-6246",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-6246"
},
{
"cve": "CVE-2023-6779",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-6779"
},
{
"cve": "CVE-2023-6780",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/131.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-6780"
},
{
"cve": "CVE-2023-28531",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28531"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-28531"
},
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-38546",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/73.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/201.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46219",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "summary",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/222.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"category": "summary",
"text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/304.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2023-52927",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52927"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don\u0027t perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/843.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/364.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-24855",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24855"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-24855"
},
{
"cve": "CVE-2024-26596",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: dsa: netdev_priv() dereference before check on non-DSA netdevice events.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26596"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-28085",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "summary",
"text": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\u0027 terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/150.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "nscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\r\nby client requests then a subsequent client request for netgroup data\r\nmay result in a stack-based buffer overflow. This flaw was introduced\r\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "nscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\r\nnetgroup response to the cache, the client request can result in a null\r\npointer dereference. This flaw was introduced in glibc 2.15 when the\r\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "nscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\r\nxrealloc and these functions may terminate the process due to a memory\r\nallocation failure resulting in a denial of service to the clients. The\r\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "summary",
"text": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\r\nwhen the NSS callback does not store all strings in the provided buffer.\r\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/466.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-34397",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-34397"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/130.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/130.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/131.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50246",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/ntfs3: Add rough attr alloc_size check",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-53166",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "block, bfq: bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-\u003elock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-53166"
},
{
"cve": "CVE-2024-57924",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem \u003eencode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when -\u003eencode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of -\u003eencode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels \u003c v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels \u003c v6.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-57924"
},
{
"cve": "CVE-2024-57977",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-57977"
},
{
"cve": "CVE-2024-57996",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "net_sched: sch_sfq: vulnerability caused by incorrectly handling a packet limit of 1, leading to an array-index-out-of-bounds error and subsequent crash when the queue length is decremented for an empty slot.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-58005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tpm: Change to kvalloc() in eventlog/acpi.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2025-3198",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-3198"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/124.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/364.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-4598"
},
{
"cve": "CVE-2025-5244",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5244"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-5244"
},
{
"cve": "CVE-2025-5245",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-5245"
},
{
"cve": "CVE-2025-6395",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-6395"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7545",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/116.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-7545"
},
{
"cve": "CVE-2025-7546",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-7546"
},
{
"cve": "CVE-2025-8224",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8224"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-8224"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-11082",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11082"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11082"
},
{
"cve": "CVE-2025-11083",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11083"
},
{
"cve": "CVE-2025-11412",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11412"
},
{
"cve": "CVE-2025-11413",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11413"
},
{
"cve": "CVE-2025-11414",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11414"
},
{
"cve": "CVE-2025-11494",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11494"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11494"
},
{
"cve": "CVE-2025-11495",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11495"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11495"
},
{
"cve": "CVE-2025-11839",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "summary",
"text": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11839"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/252.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11839"
},
{
"cve": "CVE-2025-11840",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11840"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-11840"
},
{
"cve": "CVE-2025-21701",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "net: vulnerability arises because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, leading to potential use of destroyed locks, which is fixed by denying operations on devices being unregistered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21702",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-21712",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "md/md-bitmap: vulnerability caused by bitmap_get_stats() can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats() with bitmap_info.mutex.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21712"
},
{
"cve": "CVE-2025-21724",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index(). Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index() where shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift (an unsigned long value) could result in undefined behavior. The constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds 31 (e.g., pgshift = 63) the shift operation overflows, as the result cannot be represented in a 32-bit type.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21745",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21758",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21758"
},
{
"cve": "CVE-2025-21765",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv4: use RCU protection in __ip_rt_update_pmtu(). __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clocksource_verify_percpu.part.0+0x6b/0x330 clocksource_watchdog_kthread+0x193/0x1a0 It is due to the fact that clocksource_verify_choose_cpus() is invoked with preemption disabled. This function invokes get_random_u32() to obtain random numbers for choosing CPUs. The batched_entropy_32 local lock and/or the base_crng.lock spinlock in driver/char/random.c will be acquired during the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot be acquired in atomic context. Fix this problem by using migrate_disable() to allow smp_processor_id() to be reliably used without introducing atomic context. preempt_disable() is then called after clocksource_verify_choose_cpus() but before the clocksource measurement is being run to avoid introducing unexpected latency.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21848",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\r\n\r\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\r\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21862",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: drop secpath at the same time as we currently drop dst\r\n\r\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\r\nrunning tests that boil down to:\r\n - create a pair of netns\r\n - run a basic TCP test over ipcomp6\r\n - delete the pair of netns\r\n\r\nThe xfrm_state found on spi_byaddr was not deleted at the time we\r\ndelete the netns, because we still have a reference on it. This\r\nlingering reference comes from a secpath (which holds a ref on the\r\nxfrm_state), which is still attached to an skb. This skb is not\r\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\r\nskb_attempt_defer_free.\r\n\r\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\r\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\r\nthat case, we still have a reference on the xfrm_state that we don\u0027t\r\nexpect at this point.\r\n\r\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\r\nlonger needed, so let\u0027s also drop the secpath. At this point,\r\ntcp_filter has already called into the LSM hooks that may require the\r\nsecpath, so it should not be needed anymore. However, in some of those\r\nplaces, the MPTCP extension has just been attached to the skb, so we\r\ncannot simply drop all extensions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21865"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/390.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-31115",
"cwe": {
"id": "CWE-366",
"name": "Race Condition within a Thread"
},
"notes": [
{
"category": "summary",
"text": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/366.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/415.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32989",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-32989"
},
{
"cve": "CVE-2025-38058",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see that it\u0027s safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it\u0027ll be a full-blown mntput(). Check under mount_lock is needed; leaving the current one done before taking that makes no sense - it\u0027s nowhere near common enough to bother with.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38063",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by wbt_wait()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38063"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38067",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on return to user-space if the value stored in the rseq_cs field doesn\u0027t point to a valid struct rseq_cs. The correct solution to this would be to fail the rseq registration when the rseq_cs field is non-zero. However, some older versions of glibc will reuse the rseq area of previous threads without clearing the rseq_cs field and will also terminate the process if the rseq registration fails in a secondary thread. This wasn\u0027t caught in testing because in this case the leftover rseq_cs does point to a valid struct rseq_cs. What we can do is clear the rseq_cs field on registration when it\u0027s non-zero which will prevent segfaults on registration and won\u0027t break the glibc versions that reuse rseq areas on thread creation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38067"
},
{
"cve": "CVE-2025-38071",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblock_phys_alloc_range() At least with CONFIG_PHYSICAL_START=0x100000, if there is \u003c 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblock_phys_alloc_range() returns 0 on failure, which leads memblock_phys_free() to throw the first 4 MiB of physical memory to the wolves. At a minimum it should fail gracefully with a meaningful diagnostic, but in fact everything seems to work fine without the weird reserve allocation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38071"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38071"
},
{
"cve": "CVE-2025-38079",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/415.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent\u0027s qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38100",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up in tss_update_io_bitmap(). tss_update_io_bitmap() operates on the current task. If current has TIF_IO_BITMAP set, but no bitmap installed, tss_update_io_bitmap() crashes with a NULL pointer dereference. There are two issues, which lead to that problem: 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when the task, which is cleaned up, is not the current task. That\u0027s a clear indicator for a cleanup after a failed fork(). 2) A task should not have TIF_IO_BITMAP set and neither a bitmap installed nor IOPL emulation level 3 activated. This happens when a kernel thread is created in the context of a user space thread, which has TIF_IO_BITMAP set as the thread flags are copied and the IO bitmap pointer is cleared. Other than in the failed fork() case this has no impact because kernel threads including IO workers never return to user space and therefore never invoke tss_update_io_bitmap(). Cure this by adding the missing cleanups and checks: 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if the to be cleaned up task is not the current task. 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user space forks it is set later, when the IO bitmap is inherited in io_bitmap_share(). For paranoia sake, add a warning into tss_update_io_bitmap() to catch the case, when that code is invoked with inconsistent state",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38111",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like \u0027mdio-tools\u0027 to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define, but it is possible to pass higher value than that via ioctl. While read/write operation should generally fail in this case, mdiobus provides stats array, where wrong address may allow out-of-bounds read/write. Fix that by adding address verification before read/write operation. While this excludes this access from any statistics, it improves security of read/write operation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38124",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after pull from frag_list\") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets with modified geometry can also hit bugs in that code",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38124"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38167",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. Found by Linux Verification Center (linuxtesting.org) with SVACE",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38167"
},
{
"cve": "CVE-2025-38198",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the \"store_modes\" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type \u0027fb_info *[32]\u0027 ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673 store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113 dev_attr_store+0x55/0x80 drivers/base/core.c:2439 static struct fb_info *fbcon_registered_fb[FB_MAX]; ... static signed char con2fb_map[MAX_NR_CONSOLES]; ... static struct fb_info *fbcon_info_from_console(int console) ... return fbcon_registered_fb[con2fb_map[console]]; If con2fb_map contains a -1 things go wrong here. Instead, return NULL, as callers of fbcon_info_from_console() are trying to compare against existing \"info\" pointers, so error handling should kick in correctly",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38198"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38212",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipc: fix to protect IPCS lookups using RCU\r\n\r\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\r\n\r\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\r\n\r\nidr_for_each() is protected by rwsem, but this is not enough. If it is\r\nnot protected by RCU read-critical region, when idr_for_each() calls\r\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\r\nstructure, the node will be freed immediately, and when reading the next\r\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\r\n\r\nTherefore, we need to add code to make sure that idr_for_each() is\r\nprotected within the RCU read-critical region when we call it in\r\nshm_destroy_orphaned().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38214",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\r\n\r\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\r\nfb_videomode, later it may lead to a null-ptr dereference in\r\nfb_videomode_to_var(), as the fb_info is registered while not having the\r\nmode in modelist that is expected to be there, i.e. the one that is\r\ndescribed in fb_info-\u003evar.\r\n\r\n================================================================\r\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\r\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\r\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\r\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\r\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\r\nCall Trace:\r\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\r\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\r\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\r\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\r\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\r\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\r\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\r\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\r\n vfs_ioctl fs/ioctl.c:48 [inline]\r\n __do_sys_ioctl fs/ioctl.c:753 [inline]\r\n __se_sys_ioctl fs/ioctl.c:739 [inline]\r\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\r\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\r\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n================================================================\r\n\r\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\r\nthen fb_videomode_to_var() is called. If it fails to add the mode to\r\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\r\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\r\nit is done earlier in the function.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38214"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\r\n\r\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\r\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\r\nfb_videomode_to_var(), as the fb_info is registered while not having the\r\nmode in modelist that is expected to be there, i.e. the one that is\r\ndescribed in fb_info-\u003evar.\r\n\r\n================================================================\r\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\r\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\r\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\r\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\r\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\r\nCall Trace:\r\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\r\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\r\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\r\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\r\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\r\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\r\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\r\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\r\n vfs_ioctl fs/ioctl.c:48 [inline]\r\n __do_sys_ioctl fs/ioctl.c:753 [inline]\r\n __se_sys_ioctl fs/ioctl.c:739 [inline]\r\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\r\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\r\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n================================================================\r\n\r\nEven though fbcon_init() checks beforehand if fb_match_mode() in\r\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\r\ndoes not return error code. Considering this and the comment in the code\r\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\r\nbetter to prevent registering the fb_info if its mode was not set\r\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\r\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38215"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38222",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: inline: fix len overflow in ext4_prepare_inline_data\r\n\r\nWhen running the following code on an ext4 filesystem with inline_data\r\nfeature enabled, it will lead to the bug below.\r\n\r\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\r\n ftruncate(fd, 30);\r\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\r\n\r\nThat happens because write_begin will succeed as when\r\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\r\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\r\ninstead of 0x10000000006.\r\n\r\nThen, later when write_end is called, we hit:\r\n\r\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\r\n\r\nat ext4_write_inline_data.\r\n\r\nFix it by using a loff_t type for the len parameter in\r\next4_prepare_inline_data instead of an unsigned int.\r\n\r\n[ 44.545164] ------------[ cut here ]------------\r\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\r\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\r\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\r\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\r\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\r\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\r\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\r\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\r\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\r\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\r\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\r\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\r\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\r\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\r\n[ 44.546523] PKRU: 55555554\r\n[ 44.546523] Call Trace:\r\n[ 44.546523] \u003cTASK\u003e\r\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\r\n[ 44.546523] generic_perform_write+0x17e/0x270\r\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\r\n[ 44.546523] vfs_write+0x2be/0x3e0\r\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\r\n[ 44.546523] do_syscall_64+0x6a/0xf0\r\n[ 44.546523] ? __wake_up+0x89/0xb0\r\n[ 44.546523] ? xas_find+0x72/0x1c0\r\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\r\n[ 44.546523] ? set_pte_range+0x1a6/0x270\r\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\r\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\r\n[ 44.546523] ? do_pte_missing+0x128/0xf70\r\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\r\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\r\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\r\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\r\n[ 44.546523] ? do_syscall_64+0x76/0xf0\r\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\r\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\r\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\r\n[ 44.546523] RIP: 0033:0x7f42999c6687\r\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\r\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\r\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\r\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\r\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\r\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\r\n\r\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\r\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\r\nthis can cause NULL pointer dereference.\r\n\r\nNormally the delayed start of laundromat_work allows sufficient time for\r\nnfsd_ssc initialization to complete. However, when the kernel waits too\r\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\r\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\r\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\r\ndelayed work may start before nfsd_ssc initialization finishes.\r\n\r\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\r\n\r\nJann Horn reported a use-after-free in unix_stream_read_generic().\r\n\r\nThe following sequences reproduce the issue:\r\n\r\n $ python3\r\n from socket import *\r\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\r\n s1.send(b\u0027x\u0027, MSG_OOB)\r\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\r\n s1.send(b\u0027y\u0027, MSG_OOB)\r\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\r\n s1.send(b\u0027z\u0027, MSG_OOB)\r\n s2.recv(1) # recv \u0027z\u0027 illegally\r\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\r\n\r\nEven though a user reads OOB data, the skb holding the data stays on\r\nthe recv queue to mark the OOB boundary and break the next recv().\r\n\r\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\r\n2 leading consumed OOB skbs and 1 real OOB skb.\r\n\r\nThen, the following happens during the next recv() without MSG_OOB\r\n\r\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\r\n 2. manage_oob() returns the next consumed OOB skb\r\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\r\n 4. unix_stream_read_generic() reads and frees the OOB skb\r\n\r\n, and the last recv(MSG_OOB) triggers KASAN splat.\r\n\r\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\r\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\r\nOOB skbs.\r\n\r\n while (skip \u003e= unix_skb_len(skb)) {\r\n skip -= unix_skb_len(skb);\r\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\r\n ...\r\n }\r\n\r\nIn addition to this use-after-free, there is another issue that\r\nioctl(SIOCATMARK) does not function properly with consecutive consumed\r\nOOB skbs.\r\n\r\nSo, nothing good comes out of such a situation.\r\n\r\nInstead of complicating manage_oob(), ioctl() handling, and the next\r\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\r\nlet\u0027s not leave such consecutive OOB unnecessarily.\r\n\r\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\r\nprevious skb is a consumed OOB skb, it is freed.\r\n\r\n[0]:\r\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\r\nRead of size 4 at addr ffff888106ef2904 by task python3/315\r\n\r\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\r\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\r\nCall Trace:\r\n \u003cTASK\u003e\r\n dump_stack_lvl (lib/dump_stack.c:122)\r\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\r\n kasan_report (mm/kasan/report.c:636)\r\n unix_stream_read_actor (net/unix/af_unix.c:3027)\r\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\r\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\r\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\r\n __sys_recvfrom (net/socket.c:2278)\r\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\r\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\r\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\r\nRIP: 0033:0x7f8911fcea06\r\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\r\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\r\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\r\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\r\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\r\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\r\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\r\n \u003c/TASK\u003e\r\n\r\nAllocated by task 315:\r\n kasan_save_stack (mm/kasan/common.c:48)\r\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\r\n __kasan_slab_alloc (mm/kasan/common.c:348)\r\n kmem_cache_alloc_\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38280",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Avoid __bpf_prog_ret0_warn when jit fails\r\n\r\nsyzkaller reported an issue:\r\n\r\nWARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357\r\nModules linked in:\r\nCPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39\r\nRIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357\r\nCall Trace:\r\n \u003cTASK\u003e\r\n bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]\r\n __bpf_prog_run include/linux/filter.h:718 [inline]\r\n bpf_prog_run include/linux/filter.h:725 [inline]\r\n cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105\r\n ...\r\n\r\nWhen creating bpf program, \u0027fp-\u003ejit_requested\u0027 depends on bpf_jit_enable.\r\nThis issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set\r\nand bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog,\r\nbut jit failed due to FAULT_INJECTION. As a result, incorrectly\r\ntreats the program as valid, when the program runs it calls\r\n`__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38280"
},
{
"cve": "CVE-2025-38285",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix WARN() in get_bpf_raw_tp_regs\r\n\r\nsyzkaller reported an issue:\r\n\r\nWARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861\r\nModules linked in:\r\nCPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full)\r\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\r\nRIP: 0010:get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861\r\nRSP: 0018:ffffc90003636fa8 EFLAGS: 00010293\r\nRAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81c6bc4c\r\nRDX: ffff888032efc880 RSI: ffffffff81c6bc83 RDI: 0000000000000005\r\nRBP: ffff88806a730860 R08: 0000000000000005 R09: 0000000000000003\r\nR10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000004\r\nR13: 0000000000000001 R14: ffffc90003637008 R15: 0000000000000900\r\nFS: 0000000000000000(0000) GS:ffff8880d6cdf000(0000) knlGS:0000000000000000\r\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nCR2: 00007f7baee09130 CR3: 0000000029f5a000 CR4: 0000000000352ef0\r\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\r\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\r\nCall Trace:\r\n \u003cTASK\u003e\r\n ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1934 [inline]\r\n bpf_get_stack_raw_tp+0x24/0x160 kernel/trace/bpf_trace.c:1931\r\n bpf_prog_ec3b2eefa702d8d3+0x43/0x47\r\n bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]\r\n __bpf_prog_run include/linux/filter.h:718 [inline]\r\n bpf_prog_run include/linux/filter.h:725 [inline]\r\n __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]\r\n bpf_trace_run3+0x23f/0x5a0 kernel/trace/bpf_trace.c:2405\r\n __bpf_trace_mmap_lock_acquire_returned+0xfc/0x140 include/trace/events/mmap_lock.h:47\r\n __traceiter_mmap_lock_acquire_returned+0x79/0xc0 include/trace/events/mmap_lock.h:47\r\n __do_trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]\r\n trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]\r\n __mmap_lock_do_trace_acquire_returned+0x138/0x1f0 mm/mmap_lock.c:35\r\n __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]\r\n mmap_read_trylock include/linux/mmap_lock.h:204 [inline]\r\n stack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157\r\n __bpf_get_stack+0x307/0xa10 kernel/bpf/stackmap.c:483\r\n ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]\r\n bpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496\r\n ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1941 [inline]\r\n bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1931\r\n bpf_prog_ec3b2eefa702d8d3+0x43/0x47\r\n\r\nTracepoint like trace_mmap_lock_acquire_returned may cause nested call\r\nas the corner case show above, which will be resolved with more general\r\nmethod in the future. As a result, WARN_ON_ONCE will be triggered. As\r\nAlexei suggested, remove the WARN_ON_ONCE first.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38285"
},
{
"cve": "CVE-2025-38312",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\r\n\r\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\r\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\r\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\r\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\r\navoid such overflow...\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\r\nanalysis tool.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/369.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38342",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsoftware node: Correct a OOB check in software_node_get_reference_args()\r\n\r\nsoftware_node_get_reference_args() wants to get @index-th element, so\r\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\r\nbut that can not be guaranteed by current OOB check, and may cause OOB\r\nfor malformed property.\r\n\r\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38350",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38364",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\r\n\r\nTemporarily clear the preallocation flag when explicitly requesting\r\nallocations. Pre-existing allocations are already counted against the\r\nrequest through mas_node_count_gfp(), but the allocations will not happen\r\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\r\nre-allocating in bulk allocation mode, and to detect issues with\r\npreallocation calculations.\r\n\r\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\r\nso that detection of underflow allocations will print a WARN_ON() during\r\nconsumption.\r\n\r\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\r\ndereference when subsequent requests for larger number of nodes is\r\nignored, such as the vma merge retry in mmap_region() caused by drivers\r\naltering the vma flags (which happens in v6.6, at least)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38364"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38393",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\r\n\r\nWe found a few different systems hung up in writeback waiting on the same\r\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\r\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\r\nwas zero.\r\n\r\nIt seems most likely that this is another race between the waiter and waker\r\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\r\nFix it up by applying the advised barrier.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38400",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\r\n\r\nsyzbot reported a warning below [1] following a fault injection in\r\nnfs_fs_proc_net_init(). [0]\r\n\r\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\r\n\r\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\r\nis logged as the directory is not empty.\r\n\r\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\r\n\r\n[0]:\r\nFAULT_INJECTION: forcing a failure.\r\nname failslab, interval 1, probability 0, space 0, times 0\r\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\r\nCall Trace:\r\n \u003cTASK\u003e\r\n dump_stack_lvl (lib/dump_stack.c:123)\r\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\r\n should_failslab (mm/failslab.c:46)\r\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\r\n __proc_create (fs/proc/generic.c:427)\r\n proc_create_reg (fs/proc/generic.c:554)\r\n proc_create_net_data (fs/proc/proc_net.c:120)\r\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\r\n nfs_net_init (fs/nfs/inode.c:2600)\r\n ops_init (net/core/net_namespace.c:138)\r\n setup_net (net/core/net_namespace.c:443)\r\n copy_net_ns (net/core/net_namespace.c:576)\r\n create_new_namespaces (kernel/nsproxy.c:110)\r\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\r\n ksys_unshare (kernel/fork.c:3123)\r\n __x64_sys_unshare (kernel/fork.c:3190)\r\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\r\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\r\n \u003c/TASK\u003e\r\n\r\n[1]:\r\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\r\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\r\nModules linked in:\r\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\r\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\r\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\r\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\r\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\r\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\r\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\r\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\r\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\r\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\r\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\r\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\r\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\r\nCall Trace:\r\n \u003cTASK\u003e\r\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\r\n ops_exit_list net/core/net_namespace.c:200 [inline]\r\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\r\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\r\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\r\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\r\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\r\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\r\n __do_sys_unshare kernel/fork.c:3192 [inline]\r\n __se_sys_unshare kernel/fork.c:3190 [inline]\r\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\r\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\r\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\nRIP: 0033:0x7fa1a6b8e929\r\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38430",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\r\n\r\nIf the request being processed is not a v4 compound request, then\r\nexamining the cstate can have undefined results.\r\n\r\nThis patch adds a check that the rpc procedure being executed\r\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38451",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmd/md-bitmap: fix GPF in bitmap_get_stats()\r\n\r\nThe commit message of commit 6ec1f0239485 (\"md/md-bitmap: fix stats\r\ncollection for external bitmaps\") states:\r\n\r\n Remove the external bitmap check as the statistics should be\r\n available regardless of bitmap storage location.\r\n\r\n Return -EINVAL only for invalid bitmap with no storage (neither in\r\n superblock nor in external file).\r\n\r\nBut, the code does not adhere to the above, as it does only check for\r\na valid super-block for \"internal\" bitmaps. Hence, we observe:\r\n\r\nOops: GPF, probably for non-canonical address 0x1cd66f1f40000028\r\nRIP: 0010:bitmap_get_stats+0x45/0xd0\r\nCall Trace:\r\n\r\n seq_read_iter+0x2b9/0x46a\r\n seq_read+0x12f/0x180\r\n proc_reg_read+0x57/0xb0\r\n vfs_read+0xf6/0x380\r\n ksys_read+0x6d/0xf0\r\n do_syscall_64+0x8c/0x1b0\r\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\r\n\r\nWe fix this by checking the existence of a super-block for both the\r\ninternal and external case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38451"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38451"
},
{
"cve": "CVE-2025-38457",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\r\n\r\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\r\nWhenever a user creates/modifies a qdisc specifying as a parent another\r\nqdisc, the qdisc API will, during grafting, detect that the user is\r\nnot trying to attach to a class and reject. However grafting is\r\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\r\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\r\nduring init or change (such as fq, hhf, choke, etc), an issue\r\narises. For example, executing the following commands:\r\n\r\nsudo tc qdisc add dev lo root handle a: htb default 2\r\nsudo tc qdisc add dev lo parent a: handle beef fq\r\n\r\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\r\nqdisc_tree_reduce_backlog() in their control path init() or change() which\r\nthen causes a failure to find the child class; however, that does not stop\r\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\r\na null class. All these qdiscs make the assumption that class is non-null.\r\n\r\nThe solution is ensure that qdisc_leaf() which looks up the parent\r\nclass, and is invoked prior to qdisc_create(), should return failure on\r\nnot finding the class.\r\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\r\nparentid doesn\u0027t correspond to a class, so that we can detect it\r\nearlier on and abort before qdisc_create is called.\r\n\r\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38465",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\r\n\r\nNetlink has this pattern in some places\r\n\r\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\r\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\r\n\r\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\r\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\r\n\r\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\r\nis always false as the two operands are of int.\r\n\r\nThen, a single socket can eat as many skb as possible until OOM\r\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\r\n\r\nLet\u0027s fix it by using atomic_add_return() and comparing the two\r\nvariables as unsigned int.\r\n\r\nBefore:\r\n [root@fedora ~]# ss -f netlink\r\n Recv-Q Send-Q Local Address:Port Peer Address:Port\r\n -1668710080 0 rtnl:nl_wraparound/293 *\r\n\r\nAfter:\r\n [root@fedora ~]# ss -f netlink\r\n Recv-Q Send-Q Local Address:Port Peer Address:Port\r\n 2147483072 0 rtnl:nl_wraparound/290 *\r\n ^\r\n `--- INT_MAX - 576",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38466",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nperf: Revert to requiring CAP_SYS_ADMIN for uprobes\r\n\r\nJann reports that uprobes can be used destructively when used in the\r\nmiddle of an instruction. The kernel only verifies there is a valid\r\ninstruction at the requested offset, but due to variable instruction\r\nlength cannot determine if this is an instruction as seen by the\r\nintended execution stream.\r\n\r\nAdditionally, Mark Rutland notes that on architectures that mix data\r\nin the text segment (like arm64), a similar things can be done if the\r\ndata word is \u0027mistaken\u0027 for an instruction.\r\n\r\nAs such, require CAP_SYS_ADMIN for uprobes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38466"
},
{
"cve": "CVE-2025-38468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\r\n\r\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\r\n\r\ntc qdisc del dev lo root\r\ntc qdisc add dev lo root handle 1: htb default 1\r\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\r\ntc qdisc add dev lo parent 1:1 handle 2: netem\r\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\r\nping -I lo -c1 -W0.001 127.0.0.1\r\n\r\nThe root cause is the following:\r\n\r\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\r\n the selected leaf qdisc\r\n2. netem_dequeue calls enqueue on the child qdisc\r\n3. blackhole_enqueue drops the packet and returns a value that is not\r\n just NET_XMIT_SUCCESS\r\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\r\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\r\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\r\n5. As this is the only class in the selected hprio rbtree,\r\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\r\n NULL\r\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\r\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\r\n hprio rbtree, and fail the BUG_ON\r\n\r\nThe function graph for this scenario is shown here:\r\n 0) | htb_enqueue() {\r\n 0) + 13.635 us | netem_enqueue();\r\n 0) 4.719 us | htb_activate_prios();\r\n 0) # 2249.199 us | }\r\n 0) | htb_dequeue() {\r\n 0) 2.355 us | htb_lookup_leaf();\r\n 0) | netem_dequeue() {\r\n 0) + 11.061 us | blackhole_enqueue();\r\n 0) | qdisc_tree_reduce_backlog() {\r\n 0) | qdisc_lookup_rcu() {\r\n 0) 1.873 us | qdisc_match_from_root();\r\n 0) 6.292 us | }\r\n 0) 1.894 us | htb_search();\r\n 0) | htb_qlen_notify() {\r\n 0) 2.655 us | htb_deactivate_prios();\r\n 0) 6.933 us | }\r\n 0) + 25.227 us | }\r\n 0) 1.983 us | blackhole_dequeue();\r\n 0) + 86.553 us | }\r\n 0) # 2932.761 us | qdisc_warn_nonwc();\r\n 0) | htb_lookup_leaf() {\r\n 0) | BUG_ON();\r\n ------------------------------------------\r\n\r\nThe full original bug report can be seen here [1].\r\n\r\nWe can fix this just by returning NULL instead of the BUG_ON,\r\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\r\nNULL.\r\n\r\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38468"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\r\n\r\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\r\n8021q module will automatically add or remove VLAN 0 when the net device\r\nis put administratively up or down, respectively. There are a couple of\r\nproblems with the above scheme.\r\n\r\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\r\nfeature is disabled while the device is running:\r\n\r\n # ip link add bond1 up type bond mode 0\r\n # ethtool -K bond1 rx-vlan-filter off\r\n # ip link del dev bond1\r\n\r\nWhen the device is put administratively down the \"rx-vlan-filter\"\r\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\r\nmemory will be leaked [1].\r\n\r\nAnother problem that can happen is that the kernel can automatically\r\ndelete VLAN 0 when the device is put administratively down despite not\r\nadding it when the device was put administratively up since during that\r\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\r\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\r\nimbalance if toggling filtering during runtime:\r\n\r\n$ ip link add bond0 type bond mode 0\r\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\r\n$ ethtool -K bond0 rx-vlan-filter off\r\n$ ifconfig bond0 up\r\n$ ethtool -K bond0 rx-vlan-filter on\r\n$ ifconfig bond0 down\r\n$ ip link del vlan0\r\n\r\nRoot cause is as below:\r\nstep1: add vlan0 for real_dev, such as bond, team.\r\nregister_vlan_dev\r\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\r\nstep2: disable vlan filter feature and enable real_dev\r\nstep3: change filter from 0 to 1\r\nvlan_device_event\r\n vlan_filter_push_vids\r\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\r\nstep4: real_dev down\r\nvlan_device_event\r\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\r\n vlan_info_rcu_free //free vlan0\r\nstep5: delete vlan0\r\nunregister_vlan_dev\r\n BUG_ON(!vlan_info); //vlan_info is null\r\n\r\nFix both problems by noting in the VLAN info whether VLAN 0 was\r\nautomatically added upon NETDEV_UP and based on that decide whether it\r\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\r\n\"rx-vlan-filter\" feature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38470"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntls: always refresh the queue when reading sock\r\n\r\nAfter recent changes in net-next TCP compacts skbs much more\r\naggressively. This unearthed a bug in TLS where we may try\r\nto operate on an old skb when checking if all skbs in the\r\nqueue have matching decrypt state and geometry.\r\n\r\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\r\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\r\n Read of size 4 at addr ffff888013085750 by task tls/13529\r\n\r\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\r\n Call Trace:\r\n kasan_report+0xca/0x100\r\n tls_strp_check_rcv+0x898/0x9a0 [tls]\r\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\r\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\r\n inet_recvmsg+0x1c3/0x1f0\r\n\r\nAlways reload the queue, fast path is to have the record in the queue\r\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38471"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38477",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\r\n\r\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\r\n(called during qfq_enqueue) while other threads access it\r\nconcurrently. For example, qfq_dump_class may trigger a NULL\r\ndereference, and qfq_delete_class may cause a use-after-free.\r\n\r\nThis patch addresses the issue by:\r\n\r\n1. Moved qfq_destroy_class into the critical section.\r\n\r\n2. Added sch_tree_lock protection to qfq_dump_class and\r\nqfq_dump_class_stats.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38498",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38498"
},
{
"cve": "CVE-2025-38499",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\r\n\r\nWhat we want is to verify there is that clone won\u0027t expose something\r\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\r\nmay be a result of MNT_LOCKED on a child, but it may also come from\r\nlacking admin rights in the userns of the namespace mount belongs to.\r\n\r\nclone_private_mnt() checks the former, but not the latter.\r\n\r\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\r\nuserns during the mount, especially with the new mount API; they serve\r\ndifferent purposes and in case of clone_private_mnt() they usually,\r\nbut not always end up covering the missing check mentioned above.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38499"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38614",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: Fix semi-unbounded recursion\n\nEnsure that epoll instances can never form a graph deeper than\nEP_MAX_NESTS+1 links.\n\nCurrently, ep_loop_check_proc() ensures that the graph is loop-free and\ndoes some recursion depth checks, but those recursion depth checks don\u0027t\nlimit the depth of the resulting tree for two reasons:\n\n - They don\u0027t look upwards in the tree.\n - If there are multiple downwards paths of different lengths, only one of\n the paths is actually considered for the depth check since commit\n 28d82dc1c4ed (\"epoll: limit paths\").\n\nEssentially, the current recursion depth check in ep_loop_check_proc() just\nserves to prevent it from recursing too deeply while checking for loops.\n\nA more thorough check is done in reverse_path_check() after the new graph\nedge has already been created; this checks, among other things, that no\npaths going upwards from any non-epoll file with a length of more than 5\nedges exist. However, this check does not apply to non-epoll files.\n\nAs a result, it is possible to recurse to a depth of at least roughly 500,\ntested on v6.15. (I am unsure if deeper recursion is possible; and this may\nhave changed with commit 8c44dac8add7 (\"eventpoll: Fix priority inversion\nproblem\").)\n\nTo fix it:\n\n1. In ep_loop_check_proc(), note the subtree depth of each visited node,\nand use subtree depths for the total depth calculation even when a subtree\nhas already been visited.\n2. Add ep_get_upwards_depth_proc() for similarly determining the maximum\ndepth of an upwards walk.\n3. In ep_loop_check(), use these values to limit the total path length\nbetween epoll nodes to EP_MAX_NESTS edges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38614"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38614"
},
{
"cve": "CVE-2025-38685",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38685"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38685"
},
{
"cve": "CVE-2025-38691",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38691"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38701",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not BUG when INLINE_DATA_FL lacks system.data xattr\n\nA syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()\nwhen an inode had the INLINE_DATA_FL flag set but was missing the\nsystem.data extended attribute.\n\nSince this can happen due to a maiciouly fuzzed file system, we\nshouldn\u0027t BUG, but rather, report it as a corrupted file system.\n\nAdd similar replacements of BUG_ON with EXT4_ERROR_INODE() ii\next4_create_inline_data() and ext4_inline_data_truncate().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38701"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38701"
},
{
"cve": "CVE-2025-38702",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38702"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38702"
},
{
"cve": "CVE-2025-38708",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: add missing kref_get in handle_write_conflicts\n\nWith `two-primaries` enabled, DRBD tries to detect \"concurrent\" writes\nand handle write conflicts, so that even if you write to the same sector\nsimultaneously on both nodes, they end up with the identical data once\nthe writes are completed.\n\nIn handling \"superseeded\" writes, we forgot a kref_get,\nresulting in a premature drbd_destroy_device and use after free,\nand further to kernel crashes with symptoms.\n\nRelevance: No one should use DRBD as a random data generator, and apparently\nall users of \"two-primaries\" handle concurrent writes correctly on layer up.\nThat is cluster file systems use some distributed lock manager,\nand live migration in virtualization environments stops writes on one node\nbefore starting writes on the other node.\n\nWhich means that other than for \"test cases\",\nthis code path is never taken in real life.\n\nFYI, in DRBD 9, things are handled differently nowadays. We still detect\n\"write conflicts\", but no longer try to be smart about them.\nWe decided to disconnect hard instead: upper layers must not submit concurrent\nwrites. If they do, that\u0027s their fault.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38708"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38708"
},
{
"cve": "CVE-2025-38721",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: fix refcount leak on table dump\n\nThere is a reference count leak in ctnetlink_dump_table():\n if (res \u003c 0) {\n nf_conntrack_get(\u0026ct-\u003ect_general); // HERE\n cb-\u003eargs[1] = (unsigned long)ct;\n ...\n\nWhile its very unlikely, its possible that ct == last.\nIf this happens, then the refcount of ct was already incremented.\nThis 2nd increment is never undone.\n\nThis prevents the conntrack object from being released, which in turn\nkeeps prevents cnet-\u003ecount from dropping back to 0.\n\nThis will then block the netns dismantle (or conntrack rmmod) as\nnf_conntrack_cleanup_net_list() will wait forever.\n\nThis can be reproduced by running conntrack_resize.sh selftest in a loop.\nIt takes ~20 minutes for me on a preemptible kernel on average before\nI see a runaway kworker spinning in nf_conntrack_cleanup_net_list.\n\nOne fix would to change this to:\n if (res \u003c 0) {\n\t\tif (ct != last)\n\t nf_conntrack_get(\u0026ct-\u003ect_general);\n\nBut this reference counting isn\u0027t needed in the first place.\nWe can just store a cookie value instead.\n\nA followup patch will do the same for ctnetlink_exp_dump_table,\nit looks to me as if this has the same problem and like\nctnetlink_dump_table, we only need a \u0027skip hint\u0027, not the actual\nobject so we can apply the same cookie strategy there as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38721"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38721"
},
{
"cve": "CVE-2025-38724",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-38727",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n (t=26000 jiffies g=230833 q=259957)\n NMI backtrace for cpu 0\n CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack lib/dump_stack.c:120\n nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n update_process_times kernel/time/timer.c:1953\n tick_sched_handle kernel/time/tick-sched.c:227\n tick_sched_timer kernel/time/tick-sched.c:1399\n __hrtimer_run_queues kernel/time/hrtimer.c:1652\n hrtimer_interrupt kernel/time/hrtimer.c:1717\n __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n \u003c/IRQ\u003e\n\n netlink_attachskb net/netlink/af_netlink.c:1234\n netlink_unicast net/netlink/af_netlink.c:1349\n kauditd_send_queue kernel/audit.c:776\n kauditd_thread kernel/audit.c:897\n kthread kernel/kthread.c:328\n ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/835.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-38727"
},
{
"cve": "CVE-2025-39683",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39683"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39689",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Also allocate and copy hash for reading of filter files\n\nCurrently the reader of set_ftrace_filter and set_ftrace_notrace just adds\nthe pointer to the global tracer hash to its iterator. Unlike the writer\nthat allocates a copy of the hash, the reader keeps the pointer to the\nfilter hashes. This is problematic because this pointer is static across\nfunction calls that release the locks that can update the global tracer\nhashes. This can cause UAF and similar bugs.\n\nAllocate and copy the hash for reading the filter files like it is done\nfor the writers. This not only fixes UAF bugs, but also makes the code a\nbit simpler as it doesn\u0027t have to differentiate when to free the\niterator\u0027s hash between writers and readers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39689"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39689"
},
{
"cve": "CVE-2025-39697",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39724",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39724"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39756",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39756"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39770",
"cwe": {
"id": "CWE-573",
"name": "Improper Following of Specification by Caller"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM\n\nWhen performing Generic Segmentation Offload (GSO) on an IPv6 packet that\ncontains extension headers, the kernel incorrectly requests checksum offload\nif the egress device only advertises NETIF_F_IPV6_CSUM feature, which has\na strict contract: it supports checksum offload only for plain TCP or UDP\nover IPv6 and explicitly does not support packets with extension headers.\nThe current GSO logic violates this contract by failing to disable the feature\nfor packets with extension headers, such as those used in GREoIPv6 tunnels.\n\nThis violation results in the device being asked to perform an operation\nit cannot support, leading to a `skb_warn_bad_offload` warning and a collapse\nof network throughput. While device TSO/USO is correctly bypassed in favor\nof software GSO for these packets, the GSO stack must be explicitly told not\nto request checksum offload.\n\nMask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4\nin gso_features_check if the IPv6 header contains extension headers to compute\nchecksum in software.\n\nThe exception is a BIG TCP extension, which, as stated in commit\n68e068cabd2c6c53 (\"net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\"):\n\"The feature is only enabled on devices that support BIG TCP TSO.\nThe header is only present for PF_PACKET taps like tcpdump,\nand not transmitted by physical devices.\"\n\nkernel log output (truncated):\nWARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140\n...\nCall Trace:\n \u003cTASK\u003e\n skb_checksum_help+0x12a/0x1f0\n validate_xmit_skb+0x1a3/0x2d0\n validate_xmit_skb_list+0x4f/0x80\n sch_direct_xmit+0x1a2/0x380\n __dev_xmit_skb+0x242/0x670\n __dev_queue_xmit+0x3fc/0x7f0\n ip6_finish_output2+0x25e/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel]\n ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre]\n dev_hard_start_xmit+0x63/0x1c0\n __dev_queue_xmit+0x6d0/0x7f0\n ip6_finish_output2+0x214/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n inet6_csk_xmit+0xeb/0x150\n __tcp_transmit_skb+0x555/0xa80\n tcp_write_xmit+0x32a/0xe90\n tcp_sendmsg_locked+0x437/0x1110\n tcp_sendmsg+0x2f/0x50\n...\nskb linear: 00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e\nskb linear: 00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00\nskb linear: 00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00\nskb linear: 00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00\nskb linear: 00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00\nskb linear: 00000060: 00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9\nskb linear: 00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01\nskb linear: 00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39770"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/573.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39770"
},
{
"cve": "CVE-2025-39773",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix soft lockup in br_multicast_query_expired()\n\nWhen set multicast_query_interval to a large value, the local variable\n\u0027time\u0027 in br_multicast_send_query() may overflow. If the time is smaller\nthan jiffies, the timer will expire immediately, and then call mod_timer()\nagain, which creates a loop and may trigger the following soft lockup\nissue.\n\n watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]\n CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)\n Call Trace:\n \u003cIRQ\u003e\n __netdev_alloc_skb+0x2e/0x3a0\n br_ip6_multicast_alloc_query+0x212/0x1b70\n __br_multicast_send_query+0x376/0xac0\n br_multicast_send_query+0x299/0x510\n br_multicast_query_expired.constprop.0+0x16d/0x1b0\n call_timer_fn+0x3b/0x2a0\n __run_timers+0x619/0x950\n run_timer_softirq+0x11c/0x220\n handle_softirqs+0x18e/0x560\n __irq_exit_rcu+0x158/0x1a0\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n\nThis issue can be reproduced with:\n ip link add br0 type bridge\n echo 1 \u003e /sys/class/net/br0/bridge/multicast_querier\n echo 0xffffffffffffffff \u003e\n \t/sys/class/net/br0/bridge/multicast_query_interval\n ip link set dev br0 up\n\nThe multicast_startup_query_interval can also cause this issue. Similar to\nthe commit 99b40610956a (\"net: bridge: mcast: add and enforce query\ninterval minimum\"), add check for the query interval maximum to fix this\nissue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39773"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39773"
},
{
"cve": "CVE-2025-39783",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39783"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39783"
},
{
"cve": "CVE-2025-39787",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: mdt_loader: Ensure we don\u0027t read past the ELF header\n\nWhen the MDT loader is used in remoteproc, the ELF header is sanitized\nbeforehand, but that\u0027s not necessary the case for other clients.\n\nValidate the size of the firmware buffer to ensure that we don\u0027t read\npast the end as we iterate over the header. e_phentsize and e_shentsize\nare validated as well, to ensure that the assumptions about step size in\nthe traversal are valid.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39787"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39787"
},
{
"cve": "CVE-2025-39795",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid possible overflow for chunk_sectors check in blk_stack_limits()\n\nIn blk_stack_limits(), we check that the t-\u003echunk_sectors value is a\nmultiple of the t-\u003ephysical_block_size value.\n\nHowever, by finding the chunk_sectors value in bytes, we may overflow\nthe unsigned int which holds chunk_sectors, so change the check to be\nbased on sectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39795"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39795"
},
{
"cve": "CVE-2025-39798",
"cwe": {
"id": "CWE-273",
"name": "Improper Check for Dropped Privileges"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39798"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/273.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39798"
},
{
"cve": "CVE-2025-39866",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39866"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39929",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\r\n\r\nDuring tests of another unrelated patch I was able to trigger this\r\nerror: Objects remaining on __kmem_cache_shutdown()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39929"
},
{
"cve": "CVE-2025-39931",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\r\n\r\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\r\na garbage value from the previous loop. This may then trigger a\r\ncrash on the next entry into af_alg_sendmsg when it attempts to do\r\na merge that can\u0027t be done.\r\n\r\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/457.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39977",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfutex: Prevent use-after-free during requeue-PI\r\n\r\nsyzbot managed to trigger the following race:\r\n\r\n T1 T2\r\n\r\n futex_wait_requeue_pi()\r\n futex_do_wait()\r\n schedule()\r\n futex_requeue()\r\n futex_proxy_trylock_atomic()\r\n futex_requeue_pi_prepare()\r\n requeue_pi_wake_futex()\r\n futex_requeue_pi_complete()\r\n /* preempt */\r\n\r\n * timeout/ signal wakes T1 *\r\n\r\n futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED\r\n futex_hash_put()\r\n // back to userland, on stack futex_q is garbage\r\n\r\n /* back */\r\n wake_up_state(q-\u003etask, TASK_NORMAL);\r\n\r\nIn this scenario futex_wait_requeue_pi() is able to leave without using\r\nfutex_q::lock_ptr for synchronization.\r\n\r\nThis can be prevented by reading futex_q::task before updating the\r\nfutex_q::requeue_state. A reference on the task_struct is not needed\r\nbecause requeue_pi_wake_futex() is invoked with a spinlock_t held which\r\nimplies a RCU read section.\r\n\r\nEven if T1 terminates immediately after, the task_struct will remain valid\r\nduring T2\u0027s wake_up_state(). A READ_ONCE on futex_q::task before\r\nfutex_requeue_pi_complete() is enough because it ensures that the variable\r\nis read before the state is updated.\r\n\r\nRead futex_q::task before updating the requeue state, use it for the\r\nfollowing wakeup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-39977"
},
{
"cve": "CVE-2025-40022",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: af_alg - Fix incorrect boolean values in af_alg_ctx\r\n\r\nCommit 1b34cbbf4f01 (\"crypto: af_alg - Disallow concurrent writes in\r\naf_alg_sendmsg\") changed some fields from bool to 1-bit bitfields of\r\ntype u32.\r\n\r\nHowever, some assignments to these fields, specifically \u0027more\u0027 and\r\n\u0027merge\u0027, assign values greater than 1. These relied on C\u0027s implicit\r\nconversion to bool, such that zero becomes false and nonzero becomes\r\ntrue.\r\n\r\nWith a 1-bit bitfields of type u32 instead, mod 2 of the value is taken\r\ninstead, resulting in 0 being assigned in some cases when 1 was intended.\r\n\r\nFix this by restoring the bool type.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40022"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/704.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-40022"
},
{
"cve": "CVE-2025-46836",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46836"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-46836"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66382",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/407.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2025-66382"
},
{
"cve": "CVE-2026-31431",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.",
"title": "Summary"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP"
},
{
"category": "summary",
"text": "In the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5, a security vulnerability has been identified in the Linux kernel that could potentially allow an authorized local attacker to gain elevated system privileges.",
"title": "For SIPLUS S7-1500 CPU 1518-4 PN/DP MFP"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/669.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Limit access to the interactive shell of the additional GNU/Linux subssytem to trusted personnel only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
},
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
],
"title": "CVE-2026-31431"
}
]
}
ICSA-25-203-04
Vulnerability from csaf_cisa - Published: 2025-07-22 06:00 - Updated: 2026-02-25 07:00Summary
Schneider Electric EcoStruxure Power Operation (Update A)
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation: Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions.
Critical infrastructure sectors: Commercial Facilities, Critical Manufacturing, Energy
Countries/areas deployed: Worldwide
Company headquarters location: France
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2022: <=CU6
Schneider Electric / EcoStruxure Power Operation (EPO) 2022
|
<=CU6 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2024: <=CU1
Schneider Electric / EcoStruxure Power Operation (EPO) 2024
|
<=CU1 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
6.7 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2022: <=CU6
Schneider Electric / EcoStruxure Power Operation (EPO) 2022
|
<=CU6 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2024: <=CU1
Schneider Electric / EcoStruxure Power Operation (EPO) 2024
|
<=CU1 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2022: <=CU6
Schneider Electric / EcoStruxure Power Operation (EPO) 2022
|
<=CU6 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2024: <=CU1
Schneider Electric / EcoStruxure Power Operation (EPO) 2024
|
<=CU1 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2022: <=CU6
Schneider Electric / EcoStruxure Power Operation (EPO) 2022
|
<=CU6 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2024: <=CU1
Schneider Electric / EcoStruxure Power Operation (EPO) 2024
|
<=CU1 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2022: <=CU6
Schneider Electric / EcoStruxure Power Operation (EPO) 2022
|
<=CU6 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2024: <=CU1
Schneider Electric / EcoStruxure Power Operation (EPO) 2024
|
<=CU1 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2022: <=CU6
Schneider Electric / EcoStruxure Power Operation (EPO) 2022
|
<=CU6 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
|
|
Schneider Electric EcoStruxure Power Operation (EPO) 2024: <=CU1
Schneider Electric / EcoStruxure Power Operation (EPO) 2024
|
<=CU1 |
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
|
References
27 references
Acknowledgments
Schneider Electric
{
"document": {
"acknowledgments": [
{
"organization": "Schneider Electric",
"summary": "reported these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Critical Manufacturing, Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "France",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-203-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-203-04.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-203-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Schneider Electric EcoStruxure Power Operation (Update A)",
"tracking": {
"current_release_date": "2026-02-25T07:00:00.000000Z",
"generator": {
"date": "2026-02-25T21:44:12.244015Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-203-04",
"initial_release_date": "2025-07-22T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-07-22T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Republication of Schneider Electric SEVD-2025-189-03"
},
{
"date": "2026-02-25T07:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Remediations are available for EcoStruxure Power Operation 2022"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=CU6",
"product": {
"name": "Schneider Electric EcoStruxure Power Operation (EPO) 2022: \u003c=CU6",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "EcoStruxure Power Operation (EPO) 2022"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=CU1",
"product": {
"name": "Schneider Electric EcoStruxure Power Operation (EPO) 2024: \u003c=CU1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "EcoStruxure Power Operation (EPO) 2024"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-50447",
"cwe": {
"id": "CWE-95",
"name": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Pillow Version 10.1.0 allows PIL.ImageMath.eval arbitrary code execution via the environment parameter. This is a different vulnerability from CVE-2022-22817, which pertains to the expression parameter.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/95.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "EcoStruxure Power Operation 2022 CU7 includes an updated version of PostgreSQL and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322"
},
{
"category": "mitigation",
"details": "Schneider Electric recommends users to employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for assistance removing a patch.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "If users choose not to apply the remediation mentioned above, Schneider Electric recommends the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL,OR",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For users of waveform analysis and ETAP simulation features, Schneider Electric recommends all deployments of EPO only accept connections from localhost in PostgresSQL. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for information on how to modify PostgreSQL. Additionally, Schneider Electric recommends users manually uninstall PostgreSQL 14.10 and update to PostgreSQL 14.17 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json"
},
{
"category": "mitigation",
"details": "Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices: \n Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network. \n Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks. \n Place all controllers in locked cabinets and never leave them in the \"Program\" mode. \n Never connect programming software to any network other than the one intended for that device. \n Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks. \n Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation. \n Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet. \n When remote access is required, use secure methods such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For more information, refer to the Schneider Electric recommended cybersecurity best practices document at https://www.se.com/us/en/download/document/7EN52-0390/ .",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2024-28219",
"cwe": {
"id": "CWE-680",
"name": "Integer Overflow to Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In _imagingcms.c in Pillow prior to 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/680.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28219"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "EcoStruxure Power Operation 2022 CU7 includes an updated version of PostgreSQL and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322"
},
{
"category": "mitigation",
"details": "Schneider Electric recommends users to employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for assistance removing a patch.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "If users choose not to apply the remediation mentioned above, Schneider Electric recommends the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL,OR",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For users of waveform analysis and ETAP simulation features, Schneider Electric recommends all deployments of EPO only accept connections from localhost in PostgresSQL. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for information on how to modify PostgreSQL. Additionally, Schneider Electric recommends users manually uninstall PostgreSQL 14.10 and update to PostgreSQL 14.17 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json"
},
{
"category": "mitigation",
"details": "Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices: \n Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network. \n Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks. \n Place all controllers in locked cabinets and never leave them in the \"Program\" mode. \n Never connect programming software to any network other than the one intended for that device. \n Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks. \n Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation. \n Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet. \n When remote access is required, use secure methods such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For more information, refer to the Schneider Electric recommended cybersecurity best practices document at https://www.se.com/us/en/download/document/7EN52-0390/ .",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2022-45198",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "summary",
"text": "Versions of Pillow before 9.2.0 improperly handle highly compressed GIF data (data amplification).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/409.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45198"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "EcoStruxure Power Operation 2022 CU7 includes an updated version of PostgreSQL and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322"
},
{
"category": "mitigation",
"details": "Schneider Electric recommends users to employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for assistance removing a patch.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "If users choose not to apply the remediation mentioned above, Schneider Electric recommends the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL,OR",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For users of waveform analysis and ETAP simulation features, Schneider Electric recommends all deployments of EPO only accept connections from localhost in PostgresSQL. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for information on how to modify PostgreSQL. Additionally, Schneider Electric recommends users manually uninstall PostgreSQL 14.10 and update to PostgreSQL 14.17 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json"
},
{
"category": "mitigation",
"details": "Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices: \n Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network. \n Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks. \n Place all controllers in locked cabinets and never leave them in the \"Program\" mode. \n Never connect programming software to any network other than the one intended for that device. \n Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks. \n Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation. \n Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet. \n When remote access is required, use secure methods such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For more information, refer to the Schneider Electric recommended cybersecurity best practices document at https://www.se.com/us/en/download/document/7EN52-0390/ .",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2023-5217",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap buffer overflow in vp8 encoding in libvpx, used by Google Chrome versions prior to 117.0.5938.132 and libvpx Version 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "EcoStruxure Power Operation 2022 CU7 includes an updated version of PostgreSQL and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322"
},
{
"category": "mitigation",
"details": "Schneider Electric recommends users to employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for assistance removing a patch.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "If users choose not to apply the remediation mentioned above, Schneider Electric recommends the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL,OR",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For users of waveform analysis and ETAP simulation features, Schneider Electric recommends all deployments of EPO only accept connections from localhost in PostgresSQL. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for information on how to modify PostgreSQL. Additionally, Schneider Electric recommends users manually uninstall PostgreSQL 14.10 and update to PostgreSQL 14.17 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json"
},
{
"category": "mitigation",
"details": "Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices: \n Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network. \n Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks. \n Place all controllers in locked cabinets and never leave them in the \"Program\" mode. \n Never connect programming software to any network other than the one intended for that device. \n Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks. \n Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation. \n Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet. \n When remote access is required, use secure methods such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For more information, refer to the Schneider Electric recommended cybersecurity best practices document at https://www.se.com/us/en/download/document/7EN52-0390/ .",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2023-35945",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u0027s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWAY frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if the connection is already marked for not sending more requests due to GOAWAY frame. The clean-up code is right after the return statement, causing a memory leak. This results in denial of service through memory exhaustion. This vulnerability was patched in Versions 1.26.3, 1.25.8, 1.24.9, 1.23.11.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "EcoStruxure Power Operation 2022 CU7 includes an updated version of PostgreSQL and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322"
},
{
"category": "mitigation",
"details": "Schneider Electric recommends users to employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for assistance removing a patch.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "If users choose not to apply the remediation mentioned above, Schneider Electric recommends the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL,OR",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For users of waveform analysis and ETAP simulation features, Schneider Electric recommends all deployments of EPO only accept connections from localhost in PostgresSQL. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for information on how to modify PostgreSQL. Additionally, Schneider Electric recommends users manually uninstall PostgreSQL 14.10 and update to PostgreSQL 14.17 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json"
},
{
"category": "mitigation",
"details": "Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices: \n Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network. \n Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks. \n Place all controllers in locked cabinets and never leave them in the \"Program\" mode. \n Never connect programming software to any network other than the one intended for that device. \n Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks. \n Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation. \n Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet. \n When remote access is required, use secure methods such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For more information, refer to the Schneider Electric recommended cybersecurity best practices document at https://www.se.com/us/en/download/document/7EN52-0390/ .",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as was exploited in the wild from August to October 2023.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "EcoStruxure Power Operation 2022 CU7 includes an updated version of PostgreSQL and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/491544#M7322"
},
{
"category": "mitigation",
"details": "Schneider Electric recommends users to employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for assistance removing a patch.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "If users choose not to apply the remediation mentioned above, Schneider Electric recommends the following:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL,OR",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For users of waveform analysis and ETAP simulation features, Schneider Electric recommends all deployments of EPO only accept connections from localhost in PostgresSQL. Contact Schneider Electric\u0027s Customer Care Center at https://www.se.com/us/en/work/support/contacts.jsp for information on how to modify PostgreSQL. Additionally, Schneider Electric recommends users manually uninstall PostgreSQL 14.10 and update to PostgreSQL 14.17 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/work/support/contacts.jsp"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf"
},
{
"category": "mitigation",
"details": "For more information, see the associated Schneider Electric security advisory SEVD-2025-189-03: EcoStruxure Power Operation PDF version(https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-03.pdf), or CSAF version](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2025-189-03.json"
},
{
"category": "mitigation",
"details": "Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices: \n Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network. \n Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks. \n Place all controllers in locked cabinets and never leave them in the \"Program\" mode. \n Never connect programming software to any network other than the one intended for that device. \n Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks. \n Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation. \n Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet. \n When remote access is required, use secure methods such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For more information, refer to the Schneider Electric recommended cybersecurity best practices document at https://www.se.com/us/en/download/document/7EN52-0390/ .",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
NCSC-2024-0246
Vulnerability from csaf_ncscnl - Published: 2024-06-11 13:29 - Updated: 2024-06-11 13:29Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten, zoals SCALANCE, SICAM, Tecnomatix, SITOP en PowerSys.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van beveiligingsmaatregel
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-1220: Insufficient Granularity of Access Control
CWE-123: Write-what-where Condition
CWE-125: Out-of-bounds Read
CWE-1333: Inefficient Regular Expression Complexity
CWE-170: Improper Null Termination
CWE-190: Integer Overflow or Wraparound
CWE-191: Integer Underflow (Wrap or Wraparound)
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-269: Improper Privilege Management
CWE-287: Improper Authentication
CWE-295: Improper Certificate Validation
CWE-311: Missing Encryption of Sensitive Data
CWE-319: Cleartext Transmission of Sensitive Information
CWE-321: Use of Hard-coded Cryptographic Key
CWE-325: Missing Cryptographic Step
CWE-326: Inadequate Encryption Strength
CWE-328: Use of Weak Hash
CWE-330: Use of Insufficiently Random Values
CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-379: Creation of Temporary File in Directory with Insecure Permissions
CWE-400: Uncontrolled Resource Consumption
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-404: Improper Resource Shutdown or Release
CWE-415: Double Free
CWE-416: Use After Free
CWE-476: NULL Pointer Dereference
CWE-522: Insufficiently Protected Credentials
CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-613: Insufficient Session Expiration
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-664: Improper Control of a Resource Through its Lifetime
CWE-667: Improper Locking
CWE-704: Incorrect Type Conversion or Cast
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-749: Exposed Dangerous Method or Function
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787: Out-of-bounds Write
CWE-833: Deadlock
CWE-834: Excessive Iteration
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-416
- Use After Free
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-1220
- Insufficient Granularity of Access Control
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
CWE-787
- Out-of-bounds Write
CWE-416
- Use After Free
CWE-416
- Use After Free
CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416
- Use After Free
CWE-400
- Uncontrolled Resource Consumption
CWE-20
- Improper Input Validation
CWE-400
- Uncontrolled Resource Consumption
CWE-20
- Improper Input Validation
CWE-787
- Out-of-bounds Write
CWE-787
- Out-of-bounds Write
CWE-311
- Missing Encryption of Sensitive Data
CWE-787
- Out-of-bounds Write
CWE-400
- Uncontrolled Resource Consumption
CWE-476
- NULL Pointer Dereference
CWE-404
- Improper Resource Shutdown or Release
CWE-404
- Improper Resource Shutdown or Release
CWE-401
- Missing Release of Memory after Effective Lifetime
CWE-379
- Creation of Temporary File in Directory with Insecure Permissions
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125
- Out-of-bounds Read
CWE-349
- Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-321
- Use of Hard-coded Cryptographic Key
CWE-328
- Use of Weak Hash
CWE-74
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-567
- Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-400
- Uncontrolled Resource Consumption
CWE-78
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-835
- Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-170
- Improper Null Termination
CWE-269
- Improper Privilege Management
CWE-613
- Insufficient Session Expiration
CWE-352
- Cross-Site Request Forgery (CSRF)
CWE-522
- Insufficiently Protected Credentials
CWE-749
- Exposed Dangerous Method or Function
CWE-319
- Cleartext Transmission of Sensitive Information
CWE-614
- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-20
- Improper Input Validation
CWE-330
- Use of Insufficiently Random Values
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— |
CWE-287
- Improper Authentication
CWE-121
- Stack-based Buffer Overflow
CWE-787
- Out-of-bounds Write
CWE-326
- Inadequate Encryption Strength
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-123
- Write-what-where Condition
CWE-74
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-326
- Inadequate Encryption Strength
CWE-415
- Double Free
CWE-74
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-416
- Use After Free
CWE-681
- Incorrect Conversion between Numeric Types
CWE-190
- Integer Overflow or Wraparound
CWE-415
- Double Free
CWE-787
- Out-of-bounds Write
CWE-667
- Improper Locking
CWE-667
- Improper Locking
CWE-476
- NULL Pointer Dereference
CWE-476
- NULL Pointer Dereference
CWE-416
- Use After Free
CWE-401
- Missing Release of Memory after Effective Lifetime
CWE-416
- Use After Free
CWE-664
- Improper Control of a Resource Through its Lifetime
CWE-833
- Deadlock
CWE-416
- Use After Free
CWE-704
- Incorrect Type Conversion or Cast
CWE-295
- Improper Certificate Validation
CWE-295
- Improper Certificate Validation
CWE-295
- Improper Certificate Validation
CWE-787
- Out-of-bounds Write
CWE-787
- Out-of-bounds Write
CWE-667
- Improper Locking
CWE-404
- Improper Resource Shutdown or Release
CWE-404
- Improper Resource Shutdown or Release
CWE-754
- Improper Check for Unusual or Exceptional Conditions
CWE-416
- Use After Free
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-20
- Improper Input Validation
CWE-787
- Out-of-bounds Write
CWE-787
- Out-of-bounds Write
CWE-787
- Out-of-bounds Write
CWE-400
- Uncontrolled Resource Consumption
CWE-20
- Improper Input Validation
References
113 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten, zoals SCALANCE, SICAM, Tecnomatix, SITOP en PowerSys.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van beveiligingsmaatregel\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improper Null Termination",
"title": "CWE-170"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Use of Hard-coded Cryptographic Key",
"title": "CWE-321"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Use of Insufficiently Random Values",
"title": "CWE-330"
},
{
"category": "general",
"text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"title": "CWE-349"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Creation of Temporary File in Directory with Insecure Permissions",
"title": "CWE-379"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "general",
"text": "Unsynchronized Access to Shared Data in a Multithreaded Context",
"title": "CWE-567"
},
{
"category": "general",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
},
{
"category": "general",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
},
{
"category": "general",
"text": "Improper Control of a Resource Through its Lifetime",
"title": "CWE-664"
},
{
"category": "general",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "general",
"text": "Incorrect Type Conversion or Cast",
"title": "CWE-704"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Exposed Dangerous Method or Function",
"title": "CWE-749"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Deadlock",
"title": "CWE-833"
},
{
"category": "general",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-024584.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-196737.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-238730.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-319319.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-337522.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-341067.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-481506.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-540640.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620338.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-625862.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-690517.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-879734.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear; siemens",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-900277.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-06-11T13:29:25.912614Z",
"id": "NCSC-2024-0246",
"initial_release_date": "2024-06-11T13:29:25.912614Z",
"revision_history": [
{
"date": "2024-06-11T13:29:25.912614Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "mendix",
"product": {
"name": "mendix",
"product_id": "CSAFPID-538452",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic",
"product": {
"name": "simatic",
"product_id": "CSAFPID-166121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec-nms",
"product": {
"name": "sinec-nms",
"product_id": "CSAFPID-163798",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec-nms:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-166120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_administrator",
"product": {
"name": "tia_administrator",
"product_id": "CSAFPID-766096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "scalance_w700",
"product": {
"name": "scalance_w700",
"product_id": "CSAFPID-1009262",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "scalance_xm-400",
"product": {
"name": "scalance_xm-400",
"product_id": "CSAFPID-1014214",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "scalance_xr-500",
"product": {
"name": "scalance_xr-500",
"product_id": "CSAFPID-1014213",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:scalance_xr-500:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_ak_3",
"product": {
"name": "sicam_ak_3",
"product_id": "CSAFPID-1007975",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam_ak_3:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_bc",
"product": {
"name": "sicam_bc",
"product_id": "CSAFPID-1007979",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam_bc:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_tm",
"product": {
"name": "sicam_tm",
"product_id": "CSAFPID-1007978",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam_tm:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc",
"product": {
"name": "siplus_tim_1531_irc",
"product_id": "CSAFPID-1326635",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sitop_ups1600",
"product": {
"name": "sitop_ups1600",
"product_id": "CSAFPID-1037908",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sitop_ups1600:-:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28319",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-28319",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28319.json"
}
],
"title": "CVE-2023-28319"
},
{
"cve": "CVE-2023-28484",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-28484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json"
}
],
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-29331",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-29331",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29331.json"
}
],
"title": "CVE-2023-29331"
},
{
"cve": "CVE-2023-29469",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-29469",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json"
}
],
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-32032",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-32032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32032.json"
}
],
"title": "CVE-2023-32032"
},
{
"cve": "CVE-2023-33126",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-33126",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33126.json"
}
],
"title": "CVE-2023-33126"
},
{
"cve": "CVE-2023-33127",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-33127",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33127.json"
}
],
"title": "CVE-2023-33127"
},
{
"cve": "CVE-2023-33128",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-33128",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33128.json"
}
],
"title": "CVE-2023-33128"
},
{
"cve": "CVE-2023-33135",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-33135",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33135.json"
}
],
"title": "CVE-2023-33135"
},
{
"cve": "CVE-2023-33170",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-33170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33170.json"
}
],
"title": "CVE-2023-33170"
},
{
"cve": "CVE-2023-35390",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35390",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35390.json"
}
],
"title": "CVE-2023-35390"
},
{
"cve": "CVE-2023-35391",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35391",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35391.json"
}
],
"title": "CVE-2023-35391"
},
{
"cve": "CVE-2023-35788",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35788",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35788.json"
}
],
"title": "CVE-2023-35788"
},
{
"cve": "CVE-2023-35823",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35823",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35823.json"
}
],
"title": "CVE-2023-35823"
},
{
"cve": "CVE-2023-35824",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35824",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35824.json"
}
],
"title": "CVE-2023-35824"
},
{
"cve": "CVE-2023-35828",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35828",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35828.json"
}
],
"title": "CVE-2023-35828"
},
{
"cve": "CVE-2023-35829",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-35829",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35829.json"
}
],
"title": "CVE-2023-35829"
},
{
"cve": "CVE-2023-36038",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36038",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36038.json"
}
],
"title": "CVE-2023-36038"
},
{
"cve": "CVE-2023-36049",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36049",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36049.json"
}
],
"title": "CVE-2023-36049"
},
{
"cve": "CVE-2023-36435",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36435",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36435.json"
}
],
"title": "CVE-2023-36435"
},
{
"cve": "CVE-2023-36558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36558",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36558.json"
}
],
"title": "CVE-2023-36558"
},
{
"cve": "CVE-2023-36792",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36792",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36792.json"
}
],
"title": "CVE-2023-36792"
},
{
"cve": "CVE-2023-36793",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36793",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36793.json"
}
],
"title": "CVE-2023-36793"
},
{
"cve": "CVE-2023-36794",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36794",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36794.json"
}
],
"title": "CVE-2023-36794"
},
{
"cve": "CVE-2023-36796",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36796",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36796.json"
}
],
"title": "CVE-2023-36796"
},
{
"cve": "CVE-2023-36799",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-36799",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36799.json"
}
],
"title": "CVE-2023-36799"
},
{
"cve": "CVE-2023-38171",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-38171",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38171.json"
}
],
"title": "CVE-2023-38171"
},
{
"cve": "CVE-2023-38178",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-38178",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38178.json"
}
],
"title": "CVE-2023-38178"
},
{
"cve": "CVE-2023-38180",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-38180",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38180.json"
}
],
"title": "CVE-2023-38180"
},
{
"cve": "CVE-2023-38380",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-38380",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38380.json"
}
],
"title": "CVE-2023-38380"
},
{
"cve": "CVE-2023-38533",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"notes": [
{
"category": "other",
"text": "Creation of Temporary File in Directory with Insecure Permissions",
"title": "CWE-379"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-38533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38533.json"
}
],
"title": "CVE-2023-38533"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-39615",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39615.json"
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-41910",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-41910",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41910.json"
}
],
"title": "CVE-2023-41910"
},
{
"cve": "CVE-2023-44317",
"cwe": {
"id": "CWE-349",
"name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
},
"notes": [
{
"category": "other",
"text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"title": "CWE-349"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44317",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44317.json"
}
],
"title": "CVE-2023-44317"
},
{
"cve": "CVE-2023-44318",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "other",
"text": "Use of Hard-coded Cryptographic Key",
"title": "CWE-321"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44318",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44318.json"
}
],
"title": "CVE-2023-44318"
},
{
"cve": "CVE-2023-44319",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44319",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44319.json"
}
],
"title": "CVE-2023-44319"
},
{
"cve": "CVE-2023-44373",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44373",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44373.json"
}
],
"title": "CVE-2023-44373"
},
{
"cve": "CVE-2023-44374",
"cwe": {
"id": "CWE-567",
"name": "Unsynchronized Access to Shared Data in a Multithreaded Context"
},
"notes": [
{
"category": "other",
"text": "Unsynchronized Access to Shared Data in a Multithreaded Context",
"title": "CWE-567"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44374",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44374.json"
}
],
"title": "CVE-2023-44374"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-49691",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-49691",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49691.json"
}
],
"title": "CVE-2023-49691"
},
{
"cve": "CVE-2023-50763",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-50763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50763.json"
}
],
"title": "CVE-2023-50763"
},
{
"cve": "CVE-2023-52474",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52474",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52474.json"
}
],
"title": "CVE-2023-52474"
},
{
"cve": "CVE-2024-0775",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-0775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0775.json"
}
],
"title": "CVE-2024-0775"
},
{
"cve": "CVE-2024-31484",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "other",
"text": "Improper Null Termination",
"title": "CWE-170"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-31484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31484.json"
}
],
"title": "CVE-2024-31484"
},
{
"cve": "CVE-2024-33500",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33500",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33500.json"
}
],
"title": "CVE-2024-33500"
},
{
"cve": "CVE-2024-35206",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "other",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35206",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35206.json"
}
],
"title": "CVE-2024-35206"
},
{
"cve": "CVE-2024-35207",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35207",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35207.json"
}
],
"title": "CVE-2024-35207"
},
{
"cve": "CVE-2024-35208",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "other",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35208",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35208.json"
}
],
"title": "CVE-2024-35208"
},
{
"cve": "CVE-2024-35209",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"notes": [
{
"category": "other",
"text": "Exposed Dangerous Method or Function",
"title": "CWE-749"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35209",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35209.json"
}
],
"title": "CVE-2024-35209"
},
{
"cve": "CVE-2024-35210",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35210",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35210.json"
}
],
"title": "CVE-2024-35210"
},
{
"cve": "CVE-2024-35211",
"cwe": {
"id": "CWE-614",
"name": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
},
"notes": [
{
"category": "other",
"text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"title": "CWE-614"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35211.json"
}
],
"title": "CVE-2024-35211"
},
{
"cve": "CVE-2024-35212",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35212",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35212.json"
}
],
"title": "CVE-2024-35212"
},
{
"cve": "CVE-2024-35292",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "other",
"text": "Use of Insufficiently Random Values",
"title": "CWE-330"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35292",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35292.json"
}
],
"title": "CVE-2024-35292"
},
{
"cve": "CVE-2024-35303",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "other",
"text": "Incorrect Type Conversion or Cast",
"title": "CWE-704"
}
],
"product_status": {
"known_affected": [
"CSAFPID-166120"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35303",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-166120"
]
}
],
"title": "CVE-2024-35303"
},
{
"cve": "CVE-2024-36266",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-36266",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36266.json"
}
],
"title": "CVE-2024-36266"
},
{
"cve": "CVE-2021-47178",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-47178",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-47178.json"
}
],
"title": "CVE-2021-47178"
},
{
"cve": "CVE-2022-1015",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-1015",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1015.json"
}
],
"title": "CVE-2022-1015"
},
{
"cve": "CVE-2022-2097",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-2097",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2097.json"
}
],
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-3435",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3435",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3435.json"
}
],
"title": "CVE-2022-3435"
},
{
"cve": "CVE-2022-3545",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3545",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3545.json"
}
],
"title": "CVE-2022-3545"
},
{
"cve": "CVE-2022-3623",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3623",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3623.json"
}
],
"title": "CVE-2022-3623"
},
{
"cve": "CVE-2022-3643",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3643",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3643.json"
}
],
"title": "CVE-2022-3643"
},
{
"cve": "CVE-2022-4304",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-4304",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4304.json"
}
],
"title": "CVE-2022-4304"
},
{
"cve": "CVE-2022-4450",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-4450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4450.json"
}
],
"title": "CVE-2022-4450"
},
{
"cve": "CVE-2022-36323",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-36323",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36323.json"
}
],
"title": "CVE-2022-36323"
},
{
"cve": "CVE-2022-39189",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-39189",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-39189.json"
}
],
"title": "CVE-2022-39189"
},
{
"cve": "CVE-2022-40225",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-40225",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40225.json"
}
],
"title": "CVE-2022-40225"
},
{
"cve": "CVE-2022-40303",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-40303",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40303.json"
}
],
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-40304",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40304.json"
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-41742",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-41742",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41742.json"
}
],
"title": "CVE-2022-41742"
},
{
"cve": "CVE-2022-42328",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-42328",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42328.json"
}
],
"title": "CVE-2022-42328"
},
{
"cve": "CVE-2022-42329",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-42329",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42329.json"
}
],
"title": "CVE-2022-42329"
},
{
"cve": "CVE-2022-44792",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-44792",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-44792.json"
}
],
"title": "CVE-2022-44792"
},
{
"cve": "CVE-2022-44793",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-44793",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-44793.json"
}
],
"title": "CVE-2022-44793"
},
{
"cve": "CVE-2022-45886",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-45886",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45886.json"
}
],
"title": "CVE-2022-45886"
},
{
"cve": "CVE-2022-45887",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-45887",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45887.json"
}
],
"title": "CVE-2022-45887"
},
{
"cve": "CVE-2022-45919",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-45919",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45919.json"
}
],
"title": "CVE-2022-45919"
},
{
"cve": "CVE-2022-46144",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "other",
"text": "Improper Control of a Resource Through its Lifetime",
"title": "CWE-664"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-46144",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46144.json"
}
],
"title": "CVE-2022-46144"
},
{
"cve": "CVE-2023-0160",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "other",
"text": "Deadlock",
"title": "CWE-833"
},
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0160",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0160.json"
}
],
"title": "CVE-2023-0160"
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0215",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0215.json"
}
],
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "other",
"text": "Incorrect Type Conversion or Cast",
"title": "CWE-704"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0286.json"
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0464",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0464.json"
}
],
"title": "CVE-2023-0464"
},
{
"cve": "CVE-2023-0465",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0465",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0465.json"
}
],
"title": "CVE-2023-0465"
},
{
"cve": "CVE-2023-0466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0466.json"
}
],
"title": "CVE-2023-0466"
},
{
"cve": "CVE-2023-1017",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-1017",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-1017.json"
}
],
"title": "CVE-2023-1017"
},
{
"cve": "CVE-2023-2124",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-2124",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2124.json"
}
],
"title": "CVE-2023-2124"
},
{
"cve": "CVE-2023-2269",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-2269",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2269.json"
}
],
"title": "CVE-2023-2269"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-3446",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json"
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-3817",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Excessive Iteration",
"title": "CWE-834"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-3817",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json"
}
],
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5678",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-21255",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-21255",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-21255.json"
}
],
"title": "CVE-2023-21255"
},
{
"cve": "CVE-2023-21808",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-21808",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-21808.json"
}
],
"title": "CVE-2023-21808"
},
{
"cve": "CVE-2023-24895",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-24895",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24895.json"
}
],
"title": "CVE-2023-24895"
},
{
"cve": "CVE-2023-24897",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-24897",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24897.json"
}
],
"title": "CVE-2023-24897"
},
{
"cve": "CVE-2023-24936",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-24936",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24936.json"
}
],
"title": "CVE-2023-24936"
},
{
"cve": "CVE-2023-26552",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-26552",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json"
}
],
"title": "CVE-2023-26552"
},
{
"cve": "CVE-2023-26553",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-26553",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json"
}
],
"title": "CVE-2023-26553"
},
{
"cve": "CVE-2023-26554",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-26554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json"
}
],
"title": "CVE-2023-26554"
},
{
"cve": "CVE-2023-27321",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-27321",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27321.json"
}
],
"title": "CVE-2023-27321"
},
{
"cve": "CVE-2023-28260",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-28260",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28260.json"
}
],
"title": "CVE-2023-28260"
}
]
}
NCSC-2024-0293
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52Summary
Kwetsbaarheden verholpen in Oracle Communications Applications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Communications Applications.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* Omzeilen van beveiligingsmaatregel
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-1329: Reliance on Component That is Not Updateable
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-203: Observable Discrepancy
CWE-222: Truncation of Security-relevant Information
CWE-284: Improper Access Control
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-416: Use After Free
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
5.3 (Medium)
Affected products
Known affected
262 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server_-_service_controller
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_intelligence_hub
oracle
|
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server_-_service_controller
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_evolved_communications_application_server
oracle
|
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
|
— | |
|
communications_interactive_session_recorder
oracle
|
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_services_gatekeeper
oracle
|
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_data_model
oracle
|
cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_session_manager
oracle
|
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*
|
— | |
|
communications_unified_session_manager
oracle
|
cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_software
oracle
|
cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_software
oracle
|
cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*
|
— | |
|
communications_session_route_manager
oracle
|
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_ftp_table_base_retrieval
oracle
|
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_lnp_application_processor
oracle
|
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_lnp_application_processor
oracle
|
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_application_processor
oracle
|
cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_intelligence_hub
oracle
|
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
5.4 (Medium)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
258 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server_-_service_controller
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_configuration_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_configuration_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_core_session_manager
oracle
|
cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*
|
— | |
|
communications_core_session_manager
oracle
|
cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_services_gatekeeper
oracle
|
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*
|
— | |
|
communications_session_router
oracle
|
cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_router
oracle
|
cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_subscriber-aware_load_balancer
oracle
|
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*
|
— | |
|
communications_subscriber-aware_load_balancer
oracle
|
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_application_server
oracle
|
cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_intelligence_hub
oracle
|
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence_center__pic__software
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_calendar_server
oracle
|
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_contacts_server
oracle
|
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_design_studio
oracle
|
cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
120 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
144 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
146 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_ip_service_activator
oracle
|
cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_instant_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_messaging_server
oracle
|
cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*
|
— | |
|
communications_metasolv_solution
oracle
|
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_order_and_service_management
oracle
|
cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergence
oracle
|
cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— |
CWE-416
- Use After Free
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_integrity
oracle
|
cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_offline_mediation_controller
oracle
|
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_slice_selection_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_fraud_monitor
oracle
|
cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_webrtc_session_controller
oracle
|
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_automated_test_suite
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_binding_support_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_console
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_data_analytics_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_exposure_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_function_cloud_native_environment
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_network_repository_function
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_policy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_security_edge_protection_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_service_communication_proxy
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_cloud_native_core_unified_data_repository
oracle
|
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*
|
— | |
|
communications_diameter_signaling_router
oracle
|
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*
|
— | |
|
communications_eagle_element_management_system
oracle
|
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*
|
— | |
|
communications_element_manager
oracle
|
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_analytics_data_director
oracle
|
cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*
|
— | |
|
communications_operations_monitor
oracle
|
cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*
|
— | |
|
communications_performance_intelligence
oracle
|
cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_policy_management
oracle
|
cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_border_controller
oracle
|
cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*
|
— | |
|
communications_session_report_manager
oracle
|
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*
|
— | |
|
communications_user_data_repository
oracle
|
cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
|
— | |
|
communications_brm_-_elastic_charging_engine
oracle
|
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*
|
— | |
|
communications_billing_and_revenue_management
oracle
|
cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_converged_charging_system
oracle
|
cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_convergent_charging_controller
oracle
|
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_network_charging_and_control
oracle
|
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*
|
— | |
|
communications_pricing_design_center
oracle
|
cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*
|
— | |
|
communications_service_catalog_and_design
oracle
|
cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*
|
— | |
|
communications_unified_assurance
oracle
|
cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
— | |
|
communications_unified_inventory_management
oracle
|
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
|
— |
References
34 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications Applications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* Omzeilen van beveiligingsmaatregel\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Reliance on Component That is Not Updateable",
"title": "CWE-1329"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34381"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29081"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5981"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications Applications",
"tracking": {
"current_release_date": "2024-07-17T13:52:33.045762Z",
"id": "NCSC-2024-0293",
"initial_release_date": "2024-07-17T13:52:33.045762Z",
"revision_history": [
{
"date": "2024-07-17T13:52:33.045762Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-764735",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-204639",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-204627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-912557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_billing_and_revenue_management",
"product": {
"name": "communications_billing_and_revenue_management",
"product_id": "CSAFPID-816793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm__-_elastic_charging_engine",
"product": {
"name": "communications_brm__-_elastic_charging_engine",
"product_id": "CSAFPID-817694",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm__-_elastic_charging_engine:12.0.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm__-_elastic_charging_engine",
"product": {
"name": "communications_brm__-_elastic_charging_engine",
"product_id": "CSAFPID-817695",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm__-_elastic_charging_engine:12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm__-_elastic_charging_engine",
"product": {
"name": "communications_brm__-_elastic_charging_engine",
"product_id": "CSAFPID-912100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm__-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-764247",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_brm_-_elastic_charging_engine",
"product": {
"name": "communications_brm_-_elastic_charging_engine",
"product_id": "CSAFPID-912556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_calendar_server",
"product": {
"name": "communications_calendar_server",
"product_id": "CSAFPID-764736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_calendar_server",
"product": {
"name": "communications_calendar_server",
"product_id": "CSAFPID-220190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_configuration_console",
"product": {
"name": "communications_cloud_native_configuration_console",
"product_id": "CSAFPID-391501",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_configuration_console",
"product": {
"name": "communications_cloud_native_configuration_console",
"product_id": "CSAFPID-440102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-89545",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-180215",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-180197",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220548",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-41516",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-41515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220057",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220055",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-220909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816766",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-816767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_automated_test_suite",
"product": {
"name": "communications_cloud_native_core_automated_test_suite",
"product_id": "CSAFPID-1503577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-764237",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-40612",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-608629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-93784",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-41111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1685",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-493445",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-294401",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-220547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-764824",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-220459",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-45184",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-45182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-45181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-912066",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-912067",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_binding_support_function",
"product": {
"name": "communications_cloud_native_core_binding_support_function",
"product_id": "CSAFPID-1503323",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-93546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-180195",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-187447",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-45186",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-45185",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-220559",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-220558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-764238",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-764239",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-816768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-816769",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-912085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_console",
"product": {
"name": "communications_cloud_native_core_console",
"product_id": "CSAFPID-1503578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-764825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-816770",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-816771",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-912068",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_data_analytics_function",
"product": {
"name": "communications_cloud_native_core_network_data_analytics_function",
"product_id": "CSAFPID-1503579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-180201",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-760687",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-40947",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-93635",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-503534",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-90018",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-220327",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-94290",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-220325",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-614513",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-643776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-816772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-912076",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_exposure_function",
"product": {
"name": "communications_cloud_native_core_network_exposure_function",
"product_id": "CSAFPID-1503580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912539",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912540",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912541",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912542",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912543",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-40613",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-2044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-449747",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-40301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-449746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-40298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-223527",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-503493",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-260394",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-219838",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-611387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-618156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-816773",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-912101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product": {
"name": "communications_cloud_native_core_network_function_cloud_native_environment",
"product_id": "CSAFPID-1503581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816775",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-912544",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-40611",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-40609",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-180198",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-760688",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-493444",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-93633",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-220056",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-223511",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-216017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-220889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-614516",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-220918",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-614515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-614514",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-816346",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-912077",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_repository_function",
"product": {
"name": "communications_cloud_native_core_network_repository_function",
"product_id": "CSAFPID-1503322",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-40608",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-180199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-260395",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-260393",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816348",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-912545",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_network_slice_selection_function",
"product": {
"name": "communications_cloud_native_core_network_slice_selection_function",
"product_id": "CSAFPID-816347",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-764240",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-220468",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-2310",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-93547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-180200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-93636",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-90020",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-90015",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-220133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-912069",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-912070",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_policy",
"product": {
"name": "communications_cloud_native_core_policy",
"product_id": "CSAFPID-765371",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-912546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-180216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-180202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-40300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-93653",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-40949",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-642000",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-93634",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220561",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-90021",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-94292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-218028",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-94291",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220910",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-220324",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-611401",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-816778",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-614517",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-912547",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product": {
"name": "communications_cloud_native_core_security_edge_protection_proxy",
"product_id": "CSAFPID-1503582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-166032",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-40610",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-642002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-493443",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-642001",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-224796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-224795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912548",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-912549",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_service_communication_proxy",
"product": {
"name": "communications_cloud_native_core_service_communication_proxy",
"product_id": "CSAFPID-1503585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-816779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-180217",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-180196",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-165576",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764899",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-589926",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-179780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-40948",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-589925",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-179779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-90019",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-90016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-220326",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-764241",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-912078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-816349",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-912550",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1503586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_cloud_native_core_unified_data_repository",
"product": {
"name": "communications_cloud_native_core_unified_data_repository",
"product_id": "CSAFPID-1503587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_contacts_server",
"product": {
"name": "communications_contacts_server",
"product_id": "CSAFPID-764737",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_contacts_server",
"product": {
"name": "communications_contacts_server",
"product_id": "CSAFPID-224787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_contacts_server",
"product": {
"name": "communications_contacts_server",
"product_id": "CSAFPID-220189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server_-_service_controller",
"product": {
"name": "communications_converged_application_server_-_service_controller",
"product_id": "CSAFPID-426842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server_-_service_controller",
"product": {
"name": "communications_converged_application_server_-_service_controller",
"product_id": "CSAFPID-764734",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server",
"product": {
"name": "communications_converged_application_server",
"product_id": "CSAFPID-764827",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_application_server",
"product": {
"name": "communications_converged_application_server",
"product_id": "CSAFPID-764828",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_charging_system",
"product": {
"name": "communications_converged_charging_system",
"product_id": "CSAFPID-1503599",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_converged_charging_system",
"product": {
"name": "communications_converged_charging_system",
"product_id": "CSAFPID-1503600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-345031",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-204635",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-764833",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-224793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergence",
"product": {
"name": "communications_convergence",
"product_id": "CSAFPID-816794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-342793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-764248",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1265",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-816350",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_convergent_charging_controller",
"product": {
"name": "communications_convergent_charging_controller",
"product_id": "CSAFPID-1261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_core_session_manager",
"product": {
"name": "communications_core_session_manager",
"product_id": "CSAFPID-93777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_core_session_manager",
"product": {
"name": "communications_core_session_manager",
"product_id": "CSAFPID-93772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_data_model",
"product": {
"name": "communications_data_model",
"product_id": "CSAFPID-764902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-765372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-342799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-704412",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-704411",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-41183",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_design_studio",
"product": {
"name": "communications_design_studio",
"product_id": "CSAFPID-704410",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_intelligence_hub",
"product": {
"name": "communications_diameter_intelligence_hub",
"product_id": "CSAFPID-342802",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_intelligence_hub",
"product": {
"name": "communications_diameter_intelligence_hub",
"product_id": "CSAFPID-764829",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-912551",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-912552",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1503588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-1882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-40293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_diameter_signaling_router",
"product": {
"name": "communications_diameter_signaling_router",
"product_id": "CSAFPID-611413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_application_processor",
"product": {
"name": "communications_eagle_application_processor",
"product_id": "CSAFPID-765369",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-204528",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1503316",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_element_management_system",
"product": {
"name": "communications_eagle_element_management_system",
"product_id": "CSAFPID-1503317",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_ftp_table_base_retrieval",
"product": {
"name": "communications_eagle_ftp_table_base_retrieval",
"product_id": "CSAFPID-204623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_lnp_application_processor",
"product": {
"name": "communications_eagle_lnp_application_processor",
"product_id": "CSAFPID-352633",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_lnp_application_processor",
"product": {
"name": "communications_eagle_lnp_application_processor",
"product_id": "CSAFPID-352632",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_software",
"product": {
"name": "communications_eagle_software",
"product_id": "CSAFPID-765366",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_eagle_software",
"product": {
"name": "communications_eagle_software",
"product_id": "CSAFPID-765365",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_elastic_charging_engine",
"product": {
"name": "communications_elastic_charging_engine",
"product_id": "CSAFPID-764834",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-764242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-93630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-345038",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-93629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-611422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_element_manager",
"product": {
"name": "communications_element_manager",
"product_id": "CSAFPID-816780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_evolved_communications_application_server",
"product": {
"name": "communications_evolved_communications_application_server",
"product_id": "CSAFPID-204645",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-816781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-816782",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_fraud_monitor",
"product": {
"name": "communications_fraud_monitor",
"product_id": "CSAFPID-912553",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-207586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-234306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_instant_messaging_server",
"product": {
"name": "communications_instant_messaging_server",
"product_id": "CSAFPID-219803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_interactive_session_recorder",
"product": {
"name": "communications_interactive_session_recorder",
"product_id": "CSAFPID-1893",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_ip_service_activator",
"product": {
"name": "communications_ip_service_activator",
"product_id": "CSAFPID-204622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_ip_service_activator",
"product": {
"name": "communications_ip_service_activator",
"product_id": "CSAFPID-219909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-41182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-764835",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-375182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_messaging_server",
"product": {
"name": "communications_messaging_server",
"product_id": "CSAFPID-816351",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_metasolv_solution",
"product": {
"name": "communications_metasolv_solution",
"product_id": "CSAFPID-226017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_metasolv_solution",
"product": {
"name": "communications_metasolv_solution",
"product_id": "CSAFPID-611595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816783",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816786",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816784",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816787",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816785",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816788",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-220167",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-764243",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816353",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-816352",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1503589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_analytics_data_director",
"product": {
"name": "communications_network_analytics_data_director",
"product_id": "CSAFPID-1503590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-342803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-764249",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-1266",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-816354",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_charging_and_control",
"product": {
"name": "communications_network_charging_and_control",
"product_id": "CSAFPID-204563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-220125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-245244",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-204554",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_network_integrity",
"product": {
"name": "communications_network_integrity",
"product_id": "CSAFPID-219776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-765242",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-916905",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_offline_mediation_controller",
"product": {
"name": "communications_offline_mediation_controller",
"product_id": "CSAFPID-916906",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-9489",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-110249",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-93781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-220132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_operations_monitor",
"product": {
"name": "communications_operations_monitor",
"product_id": "CSAFPID-912079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-219898",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-224791",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-179774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-224790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_order_and_service_management",
"product": {
"name": "communications_order_and_service_management",
"product_id": "CSAFPID-221118",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence_center__pic__software",
"product": {
"name": "communications_performance_intelligence_center__pic__software",
"product_id": "CSAFPID-765367",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence_center__pic__software",
"product": {
"name": "communications_performance_intelligence_center__pic__software",
"product_id": "CSAFPID-765368",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence_center__pic__software",
"product": {
"name": "communications_performance_intelligence_center__pic__software",
"product_id": "CSAFPID-764830",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_performance_intelligence",
"product": {
"name": "communications_performance_intelligence",
"product_id": "CSAFPID-1503591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-573035",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-611406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-45192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-816789",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_policy_management",
"product": {
"name": "communications_policy_management",
"product_id": "CSAFPID-816790",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-764738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-204595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-228321",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-204590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-816356",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_pricing_design_center",
"product": {
"name": "communications_pricing_design_center",
"product_id": "CSAFPID-816355",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816797",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1503601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816359",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816358",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-816357",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-1503602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_service_catalog_and_design",
"product": {
"name": "communications_service_catalog_and_design",
"product_id": "CSAFPID-912558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_services_gatekeeper",
"product": {
"name": "communications_services_gatekeeper",
"product_id": "CSAFPID-608630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-40294",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-40292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-40291",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503594",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_border_controller",
"product": {
"name": "communications_session_border_controller",
"product_id": "CSAFPID-1503595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-342804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-93631",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-345039",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-93628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-611423",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_report_manager",
"product": {
"name": "communications_session_report_manager",
"product_id": "CSAFPID-816791",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_route_manager",
"product": {
"name": "communications_session_route_manager",
"product_id": "CSAFPID-342805",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_router",
"product": {
"name": "communications_session_router",
"product_id": "CSAFPID-764780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_session_router",
"product": {
"name": "communications_session_router",
"product_id": "CSAFPID-764781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_subscriber-aware_load_balancer",
"product": {
"name": "communications_subscriber-aware_load_balancer",
"product_id": "CSAFPID-93775",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_subscriber-aware_load_balancer",
"product": {
"name": "communications_subscriber-aware_load_balancer",
"product_id": "CSAFPID-93774",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-240600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-78764",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-816360",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-78762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-764901",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_assurance",
"product": {
"name": "communications_unified_assurance",
"product_id": "CSAFPID-614089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-764739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-8984",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-204569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-219826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_inventory_management",
"product": {
"name": "communications_unified_inventory_management",
"product_id": "CSAFPID-912073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_session_manager",
"product": {
"name": "communications_unified_session_manager",
"product_id": "CSAFPID-110243",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_unified_session_manager",
"product": {
"name": "communications_unified_session_manager",
"product_id": "CSAFPID-205759",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503597",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-1503598",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-76994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-764900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-568240",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-355340",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-764782",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_user_data_repository",
"product": {
"name": "communications_user_data_repository",
"product_id": "CSAFPID-912080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-912554",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-703515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-611408",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-204456",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_webrtc_session_controller",
"product": {
"name": "communications_webrtc_session_controller",
"product_id": "CSAFPID-611407",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2310",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-219776",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-220548",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-187447",
"CSAFPID-760687",
"CSAFPID-40947",
"CSAFPID-2044",
"CSAFPID-449747",
"CSAFPID-40301",
"CSAFPID-449746",
"CSAFPID-40298",
"CSAFPID-223527",
"CSAFPID-760688",
"CSAFPID-40300",
"CSAFPID-93653",
"CSAFPID-40949",
"CSAFPID-642000",
"CSAFPID-642002",
"CSAFPID-642001",
"CSAFPID-165576",
"CSAFPID-764899",
"CSAFPID-40948",
"CSAFPID-426842",
"CSAFPID-93630",
"CSAFPID-204645",
"CSAFPID-1893",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40294",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93631",
"CSAFPID-764900",
"CSAFPID-568240",
"CSAFPID-355340",
"CSAFPID-703515",
"CSAFPID-204456",
"CSAFPID-204635",
"CSAFPID-1261",
"CSAFPID-41182",
"CSAFPID-204563",
"CSAFPID-219898",
"CSAFPID-179774",
"CSAFPID-764901",
"CSAFPID-764902",
"CSAFPID-110243",
"CSAFPID-205759",
"CSAFPID-9489",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-8984",
"CSAFPID-110249",
"CSAFPID-765365",
"CSAFPID-765366",
"CSAFPID-342805",
"CSAFPID-1882",
"CSAFPID-573035",
"CSAFPID-765367",
"CSAFPID-765368",
"CSAFPID-76994",
"CSAFPID-204623",
"CSAFPID-352633",
"CSAFPID-352632",
"CSAFPID-765369",
"CSAFPID-204528",
"CSAFPID-342802",
"CSAFPID-40610",
"CSAFPID-40611",
"CSAFPID-40609",
"CSAFPID-180198",
"CSAFPID-180217",
"CSAFPID-180196",
"CSAFPID-40612",
"CSAFPID-180201",
"CSAFPID-180216",
"CSAFPID-180202",
"CSAFPID-40613",
"CSAFPID-40608",
"CSAFPID-180199",
"CSAFPID-93546",
"CSAFPID-180195",
"CSAFPID-93547",
"CSAFPID-180200",
"CSAFPID-765371",
"CSAFPID-89545",
"CSAFPID-180215",
"CSAFPID-180197",
"CSAFPID-204639",
"CSAFPID-204627",
"CSAFPID-342799",
"CSAFPID-765372",
"CSAFPID-220125",
"CSAFPID-245244",
"CSAFPID-204554",
"CSAFPID-204614",
"CSAFPID-207586",
"CSAFPID-345031",
"CSAFPID-204595",
"CSAFPID-204590",
"CSAFPID-224787",
"CSAFPID-1503577",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-912556",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-816350",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2310",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-219776",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-220548",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-187447",
"CSAFPID-760687",
"CSAFPID-40947",
"CSAFPID-2044",
"CSAFPID-449747",
"CSAFPID-40301",
"CSAFPID-449746",
"CSAFPID-40298",
"CSAFPID-223527",
"CSAFPID-760688",
"CSAFPID-40300",
"CSAFPID-93653",
"CSAFPID-40949",
"CSAFPID-642000",
"CSAFPID-642002",
"CSAFPID-642001",
"CSAFPID-165576",
"CSAFPID-764899",
"CSAFPID-40948",
"CSAFPID-426842",
"CSAFPID-93630",
"CSAFPID-204645",
"CSAFPID-1893",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40294",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93631",
"CSAFPID-764900",
"CSAFPID-568240",
"CSAFPID-355340",
"CSAFPID-703515",
"CSAFPID-204456",
"CSAFPID-204635",
"CSAFPID-1261",
"CSAFPID-41182",
"CSAFPID-204563",
"CSAFPID-219898",
"CSAFPID-179774",
"CSAFPID-764901",
"CSAFPID-764902",
"CSAFPID-110243",
"CSAFPID-205759",
"CSAFPID-9489",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-8984",
"CSAFPID-110249",
"CSAFPID-765365",
"CSAFPID-765366",
"CSAFPID-342805",
"CSAFPID-1882",
"CSAFPID-573035",
"CSAFPID-765367",
"CSAFPID-765368",
"CSAFPID-76994",
"CSAFPID-204623",
"CSAFPID-352633",
"CSAFPID-352632",
"CSAFPID-765369",
"CSAFPID-204528",
"CSAFPID-342802",
"CSAFPID-40610",
"CSAFPID-40611",
"CSAFPID-40609",
"CSAFPID-180198",
"CSAFPID-180217",
"CSAFPID-180196",
"CSAFPID-40612",
"CSAFPID-180201",
"CSAFPID-180216",
"CSAFPID-180202",
"CSAFPID-40613",
"CSAFPID-40608",
"CSAFPID-180199",
"CSAFPID-93546",
"CSAFPID-180195",
"CSAFPID-93547",
"CSAFPID-180200",
"CSAFPID-765371",
"CSAFPID-89545",
"CSAFPID-180215",
"CSAFPID-180197",
"CSAFPID-204639",
"CSAFPID-204627",
"CSAFPID-342799",
"CSAFPID-765372",
"CSAFPID-220125",
"CSAFPID-245244",
"CSAFPID-204554",
"CSAFPID-204614",
"CSAFPID-207586",
"CSAFPID-345031",
"CSAFPID-204595",
"CSAFPID-204590",
"CSAFPID-224787",
"CSAFPID-1503577",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-912556",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-816350",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2021-29489",
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29489",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29489.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2021-29489"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-219776",
"CSAFPID-345038",
"CSAFPID-219909",
"CSAFPID-204622",
"CSAFPID-345039",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-391501",
"CSAFPID-440102",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-45181",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-90018",
"CSAFPID-94290",
"CSAFPID-260394",
"CSAFPID-94292",
"CSAFPID-218028",
"CSAFPID-493443",
"CSAFPID-90019",
"CSAFPID-90016",
"CSAFPID-93777",
"CSAFPID-93772",
"CSAFPID-93629",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93628",
"CSAFPID-764780",
"CSAFPID-764781",
"CSAFPID-93775",
"CSAFPID-93774",
"CSAFPID-764782",
"CSAFPID-1261",
"CSAFPID-204563",
"CSAFPID-8984",
"CSAFPID-220548",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816352",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816795",
"CSAFPID-816359",
"CSAFPID-816796",
"CSAFPID-816358",
"CSAFPID-816797",
"CSAFPID-816357",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-912073",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-219776",
"CSAFPID-345038",
"CSAFPID-219909",
"CSAFPID-204622",
"CSAFPID-345039",
"CSAFPID-764237",
"CSAFPID-220558",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-614513",
"CSAFPID-643776",
"CSAFPID-611387",
"CSAFPID-618156",
"CSAFPID-614516",
"CSAFPID-614515",
"CSAFPID-614514",
"CSAFPID-764240",
"CSAFPID-94291",
"CSAFPID-611401",
"CSAFPID-614517",
"CSAFPID-764241",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-611406",
"CSAFPID-342804",
"CSAFPID-611408",
"CSAFPID-611407",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-611595",
"CSAFPID-764249",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-220057",
"CSAFPID-220055",
"CSAFPID-220909",
"CSAFPID-45184",
"CSAFPID-45182",
"CSAFPID-220559",
"CSAFPID-220327",
"CSAFPID-220325",
"CSAFPID-219838",
"CSAFPID-220056",
"CSAFPID-223511",
"CSAFPID-216017",
"CSAFPID-220889",
"CSAFPID-220918",
"CSAFPID-90020",
"CSAFPID-90015",
"CSAFPID-220133",
"CSAFPID-220561",
"CSAFPID-90021",
"CSAFPID-220881",
"CSAFPID-220910",
"CSAFPID-220324",
"CSAFPID-224796",
"CSAFPID-224795",
"CSAFPID-220326",
"CSAFPID-764734",
"CSAFPID-220167",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-764735",
"CSAFPID-764736",
"CSAFPID-764737",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-704412",
"CSAFPID-704411",
"CSAFPID-704410",
"CSAFPID-219803",
"CSAFPID-375182",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-224791",
"CSAFPID-764738",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-391501",
"CSAFPID-440102",
"CSAFPID-41516",
"CSAFPID-41515",
"CSAFPID-45181",
"CSAFPID-45186",
"CSAFPID-45185",
"CSAFPID-90018",
"CSAFPID-94290",
"CSAFPID-260394",
"CSAFPID-94292",
"CSAFPID-218028",
"CSAFPID-493443",
"CSAFPID-90019",
"CSAFPID-90016",
"CSAFPID-93777",
"CSAFPID-93772",
"CSAFPID-93629",
"CSAFPID-45192",
"CSAFPID-608630",
"CSAFPID-40292",
"CSAFPID-40291",
"CSAFPID-93628",
"CSAFPID-764780",
"CSAFPID-764781",
"CSAFPID-93775",
"CSAFPID-93774",
"CSAFPID-764782",
"CSAFPID-1261",
"CSAFPID-204563",
"CSAFPID-8984",
"CSAFPID-220548",
"CSAFPID-608629",
"CSAFPID-93784",
"CSAFPID-41111",
"CSAFPID-1685",
"CSAFPID-493445",
"CSAFPID-294401",
"CSAFPID-220547",
"CSAFPID-764824",
"CSAFPID-220459",
"CSAFPID-764825",
"CSAFPID-93635",
"CSAFPID-503534",
"CSAFPID-503493",
"CSAFPID-493444",
"CSAFPID-93633",
"CSAFPID-260395",
"CSAFPID-260393",
"CSAFPID-220468",
"CSAFPID-93636",
"CSAFPID-93634",
"CSAFPID-589926",
"CSAFPID-179780",
"CSAFPID-589925",
"CSAFPID-179779",
"CSAFPID-764826",
"CSAFPID-764827",
"CSAFPID-764828",
"CSAFPID-764829",
"CSAFPID-764830",
"CSAFPID-220190",
"CSAFPID-220189",
"CSAFPID-764833",
"CSAFPID-41183",
"CSAFPID-764834",
"CSAFPID-234306",
"CSAFPID-764835",
"CSAFPID-226017",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816352",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816795",
"CSAFPID-816359",
"CSAFPID-816796",
"CSAFPID-816358",
"CSAFPID-816797",
"CSAFPID-816357",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-912073",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-34381",
"cwe": {
"id": "CWE-1329",
"name": "Reliance on Component That is Not Updateable"
},
"notes": [
{
"category": "other",
"text": "Reliance on Component That is Not Updateable",
"title": "CWE-1329"
}
],
"product_status": {
"known_affected": [
"CSAFPID-219776",
"CSAFPID-912073",
"CSAFPID-219826",
"CSAFPID-8984",
"CSAFPID-204569",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34381",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34381.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-219776",
"CSAFPID-912073",
"CSAFPID-219826",
"CSAFPID-8984",
"CSAFPID-204569",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-912557",
"CSAFPID-765242",
"CSAFPID-912558",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
}
],
"title": "CVE-2022-34381"
},
{
"cve": "CVE-2023-5981",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5981",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2023-5981"
},
{
"cve": "CVE-2023-29081",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-912539",
"CSAFPID-816773",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-614517",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912553",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-912554",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29081",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json"
}
],
"title": "CVE-2023-29081"
},
{
"cve": "CVE-2023-35116",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-40293",
"CSAFPID-94291",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-220558",
"CSAFPID-221118",
"CSAFPID-224790",
"CSAFPID-240600",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611401",
"CSAFPID-611406",
"CSAFPID-611407",
"CSAFPID-611408",
"CSAFPID-611413",
"CSAFPID-611595",
"CSAFPID-614513",
"CSAFPID-614514",
"CSAFPID-614515",
"CSAFPID-614516",
"CSAFPID-614517",
"CSAFPID-618156",
"CSAFPID-643776",
"CSAFPID-764237",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-764240",
"CSAFPID-764241",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-764249",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-35116",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35116.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-40293",
"CSAFPID-94291",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-220558",
"CSAFPID-221118",
"CSAFPID-224790",
"CSAFPID-240600",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611401",
"CSAFPID-611406",
"CSAFPID-611407",
"CSAFPID-611408",
"CSAFPID-611413",
"CSAFPID-611595",
"CSAFPID-614513",
"CSAFPID-614514",
"CSAFPID-614515",
"CSAFPID-614516",
"CSAFPID-614517",
"CSAFPID-618156",
"CSAFPID-643776",
"CSAFPID-764237",
"CSAFPID-764238",
"CSAFPID-764239",
"CSAFPID-764240",
"CSAFPID-764241",
"CSAFPID-764242",
"CSAFPID-764243",
"CSAFPID-764247",
"CSAFPID-764248",
"CSAFPID-764249",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-219838",
"CSAFPID-611387",
"CSAFPID-94291",
"CSAFPID-342804",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1261",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-219803",
"CSAFPID-611595",
"CSAFPID-342803",
"CSAFPID-204563",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-240600",
"CSAFPID-8984",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-1265",
"CSAFPID-1266",
"CSAFPID-40293",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-816346",
"CSAFPID-816347",
"CSAFPID-816348",
"CSAFPID-816349",
"CSAFPID-816350",
"CSAFPID-816351",
"CSAFPID-816352",
"CSAFPID-816353",
"CSAFPID-816354",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-912069",
"CSAFPID-912077",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764738",
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816776",
"CSAFPID-816777",
"CSAFPID-816778",
"CSAFPID-816779",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816786",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46218",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-90016",
"CSAFPID-93781",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-220132",
"CSAFPID-224795",
"CSAFPID-342804",
"CSAFPID-611387",
"CSAFPID-611413",
"CSAFPID-614517",
"CSAFPID-764237",
"CSAFPID-764240",
"CSAFPID-764242",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-764739",
"CSAFPID-764826",
"CSAFPID-765242",
"CSAFPID-816348",
"CSAFPID-816773",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-912068",
"CSAFPID-912073",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-912079",
"CSAFPID-912080",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-219838",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-94291",
"CSAFPID-816778",
"CSAFPID-614517",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-40293",
"CSAFPID-764242",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816352",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-219803",
"CSAFPID-816351",
"CSAFPID-611595",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-90016",
"CSAFPID-764826",
"CSAFPID-345038",
"CSAFPID-912079",
"CSAFPID-220132",
"CSAFPID-93781",
"CSAFPID-345039",
"CSAFPID-912080",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-611413",
"CSAFPID-8984",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-240600",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816765",
"CSAFPID-816766",
"CSAFPID-816767",
"CSAFPID-816768",
"CSAFPID-816769",
"CSAFPID-816770",
"CSAFPID-816771",
"CSAFPID-816772",
"CSAFPID-219838",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-816774",
"CSAFPID-816775",
"CSAFPID-816346",
"CSAFPID-816776",
"CSAFPID-816348",
"CSAFPID-816777",
"CSAFPID-816347",
"CSAFPID-94291",
"CSAFPID-816778",
"CSAFPID-614517",
"CSAFPID-816779",
"CSAFPID-816349",
"CSAFPID-40293",
"CSAFPID-764242",
"CSAFPID-816780",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-816783",
"CSAFPID-816784",
"CSAFPID-816785",
"CSAFPID-816353",
"CSAFPID-816786",
"CSAFPID-816352",
"CSAFPID-342804",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-224793",
"CSAFPID-342793",
"CSAFPID-1265",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-204622",
"CSAFPID-219909",
"CSAFPID-219803",
"CSAFPID-816351",
"CSAFPID-611595",
"CSAFPID-342803",
"CSAFPID-1266",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-224790",
"CSAFPID-221118",
"CSAFPID-912076",
"CSAFPID-912077",
"CSAFPID-912078",
"CSAFPID-90016",
"CSAFPID-764826",
"CSAFPID-345038",
"CSAFPID-912079",
"CSAFPID-220132",
"CSAFPID-93781",
"CSAFPID-345039",
"CSAFPID-912080",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-912068",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912101",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-764240",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-224795",
"CSAFPID-912548",
"CSAFPID-611413",
"CSAFPID-8984",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-240600",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-816357",
"CSAFPID-816358",
"CSAFPID-816359",
"CSAFPID-816787",
"CSAFPID-816788",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-816791",
"CSAFPID-219776",
"CSAFPID-219826",
"CSAFPID-816793",
"CSAFPID-816794",
"CSAFPID-816795",
"CSAFPID-816796",
"CSAFPID-816797",
"CSAFPID-764739",
"CSAFPID-765242",
"CSAFPID-912073",
"CSAFPID-912102",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-1503601",
"CSAFPID-1503602"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2024-0232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
}
],
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764237",
"CSAFPID-912068",
"CSAFPID-912076",
"CSAFPID-611387",
"CSAFPID-816773",
"CSAFPID-912077",
"CSAFPID-816348",
"CSAFPID-764240",
"CSAFPID-614517",
"CSAFPID-224795",
"CSAFPID-764826",
"CSAFPID-90016",
"CSAFPID-912078",
"CSAFPID-611413",
"CSAFPID-764242",
"CSAFPID-816781",
"CSAFPID-816782",
"CSAFPID-93781",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-342804",
"CSAFPID-912080",
"CSAFPID-764247",
"CSAFPID-764735",
"CSAFPID-219776",
"CSAFPID-765242",
"CSAFPID-764739",
"CSAFPID-204510",
"CSAFPID-204569",
"CSAFPID-219826",
"CSAFPID-912073",
"CSAFPID-912085",
"CSAFPID-912101",
"CSAFPID-912102",
"CSAFPID-912539",
"CSAFPID-912540",
"CSAFPID-912541",
"CSAFPID-912542",
"CSAFPID-912543",
"CSAFPID-912544",
"CSAFPID-912545",
"CSAFPID-912546",
"CSAFPID-912547",
"CSAFPID-912548",
"CSAFPID-912549",
"CSAFPID-912550",
"CSAFPID-912551",
"CSAFPID-912552",
"CSAFPID-912553",
"CSAFPID-912554",
"CSAFPID-912556",
"CSAFPID-912557",
"CSAFPID-912558",
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-1503582",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220055",
"CSAFPID-1503577",
"CSAFPID-764237",
"CSAFPID-912085",
"CSAFPID-1503578",
"CSAFPID-1503579",
"CSAFPID-1503580",
"CSAFPID-912101",
"CSAFPID-1503581",
"CSAFPID-1503322",
"CSAFPID-912069",
"CSAFPID-764240",
"CSAFPID-912547",
"CSAFPID-1503582",
"CSAFPID-912549",
"CSAFPID-1503583",
"CSAFPID-1503584",
"CSAFPID-1503585",
"CSAFPID-1503586",
"CSAFPID-1503587",
"CSAFPID-1503588",
"CSAFPID-1503316",
"CSAFPID-1503317",
"CSAFPID-764242",
"CSAFPID-1503589",
"CSAFPID-1503590",
"CSAFPID-220132",
"CSAFPID-912079",
"CSAFPID-1503591",
"CSAFPID-816789",
"CSAFPID-816790",
"CSAFPID-1503592",
"CSAFPID-1503593",
"CSAFPID-1503594",
"CSAFPID-1503595",
"CSAFPID-342804",
"CSAFPID-1503596",
"CSAFPID-1503597",
"CSAFPID-1503598",
"CSAFPID-764247",
"CSAFPID-912556",
"CSAFPID-764735",
"CSAFPID-816793",
"CSAFPID-1503599",
"CSAFPID-1503600",
"CSAFPID-342793",
"CSAFPID-816350",
"CSAFPID-1261",
"CSAFPID-342803",
"CSAFPID-816354",
"CSAFPID-204563",
"CSAFPID-764738",
"CSAFPID-816355",
"CSAFPID-1503601",
"CSAFPID-1503602",
"CSAFPID-240600",
"CSAFPID-204510",
"CSAFPID-204569"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
}
],
"title": "CVE-2024-29133"
}
]
}
NCSC-2024-0294
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Communications.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-681: Incorrect Conversion between Numeric Types
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-918: Server-Side Request Forgery (SSRF)
CWE-192: Integer Coercion Error
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222: Truncation of Security-relevant Information
CWE-284: Improper Access Control
CWE-295: Improper Certificate Validation
CWE-345: Insufficient Verification of Data Authenticity
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-390: Detection of Error Condition Without Action
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-416: Use After Free
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-450: Multiple Interpretations of UI Input
CWE-459: Incomplete Cleanup
CWE-476: NULL Pointer Dereference
CWE-502: Deserialization of Untrusted Data
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-502
- Deserialization of Untrusted Data
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-192
- Integer Coercion Error
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
|
— | |
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
6.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
5.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
communications_asap
oracle
|
cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*
|
— |
References
80 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48174"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26130"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications",
"tracking": {
"current_release_date": "2024-07-17T13:52:53.293003Z",
"id": "NCSC-2024-0294",
"initial_release_date": "2024-07-17T13:52:53.293003Z",
"revision_history": [
{
"date": "2024-07-17T13:52:53.293003Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-204629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-816792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-10086",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json"
}
],
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-204629",
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36033",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42890",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48174",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5685",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37920",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0450",
"cwe": {
"id": "CWE-450",
"name": "Multiple Interpretations of UI Input"
},
"notes": [
{
"category": "other",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6162",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22019",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23897",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28752",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34069"
}
]
}
NCSC-2024-0306
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:55 - Updated: 2024-07-17 13:55Summary
Kwetsbaarheden verholpen in Oracle Supply Chain
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Supply Chain.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-192: Integer Coercion Error
CWE-20: Improper Input Validation
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-681: Incorrect Conversion between Numeric Types
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-192
- Integer Coercion Error
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
autovue_for_agile_product_lifecycle_management
oracle
|
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
|
— | |
|
agile_engineering_data_management
oracle
|
cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
autovue_for_agile_product_lifecycle_management
oracle
|
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
|
— | |
|
agile_engineering_data_management
oracle
|
cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
agile_engineering_data_management
oracle
|
cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*
|
— | |
|
autovue_for_agile_product_lifecycle_management
oracle
|
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
agile_engineering_data_management
oracle
|
cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*
|
— | |
|
autovue_for_agile_product_lifecycle_management
oracle
|
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
agile_engineering_data_management
oracle
|
cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*
|
— | |
|
autovue_for_agile_product_lifecycle_management
oracle
|
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
|
— |
References
12 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Supply Chain.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": " Kwetsbaarheden verholpen in Oracle Supply Chain",
"tracking": {
"current_release_date": "2024-07-17T13:55:37.062720Z",
"id": "NCSC-2024-0306",
"initial_release_date": "2024-07-17T13:55:37.062720Z",
"revision_history": [
{
"date": "2024-07-17T13:55:37.062720Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "agile_engineering_data_management",
"product": {
"name": "agile_engineering_data_management",
"product_id": "CSAFPID-764768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:agile_engineering_data_management:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "autovue_for_agile_product_lifecycle_management",
"product": {
"name": "autovue_for_agile_product_lifecycle_management",
"product_id": "CSAFPID-2302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2302",
"CSAFPID-764768"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2302",
"CSAFPID-764768"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-37536",
"product_status": {
"known_affected": [
"CSAFPID-764768",
"CSAFPID-2302"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37536",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37536.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-764768",
"CSAFPID-2302"
]
}
],
"title": "CVE-2023-37536"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764768",
"CSAFPID-2302"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764768",
"CSAFPID-2302"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764768",
"CSAFPID-2302"
]
}
],
"title": "CVE-2023-46589"
}
]
}
NCSC-2024-0332
Vulnerability from csaf_ncscnl - Published: 2024-08-13 09:21 - Updated: 2024-08-13 09:21Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Spoofing
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-125: Out-of-bounds Read
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-250: Execution with Unnecessary Privileges
CWE-256: Plaintext Storage of a Password
CWE-269: Improper Privilege Management
CWE-284: Improper Access Control
CWE-307: Improper Restriction of Excessive Authentication Attempts
CWE-326: Inadequate Encryption Strength
CWE-358: Improperly Implemented Security Check for Standard
CWE-488: Exposure of Data Element to Wrong Session
CWE-521: Weak Password Requirements
CWE-524: Use of Cache Containing Sensitive Information
CWE-532: Insertion of Sensitive Information into Log File
CWE-863: Incorrect Authorization
CWE-416
- Use After Free
CWE-787
- Out-of-bounds Write
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
CWE-190
- Integer Overflow or Wraparound
CWE-404
- Improper Resource Shutdown or Release
CWE-499
- Serializable Class Containing Sensitive Data
CWE-400
- Uncontrolled Resource Consumption
CWE-416
- Use After Free
CWE-125
- Out-of-bounds Read
CWE-502
- Deserialization of Untrusted Data
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-459
- Incomplete Cleanup
CWE-459
- Incomplete Cleanup
CWE-400
- Uncontrolled Resource Consumption
CWE-400
- Uncontrolled Resource Consumption
CWE-400
- Uncontrolled Resource Consumption
CWE-20
- Improper Input Validation
CWE-400
- Uncontrolled Resource Consumption
CWE-400
- Uncontrolled Resource Consumption
CWE-125
- Out-of-bounds Read
CWE-444
- Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-400
- Uncontrolled Resource Consumption
CWE-776
- Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-420
- Unprotected Alternate Channel
CWE-271
- Privilege Dropping / Lowering Errors
CWE-416
- Use After Free
CWE-400
- Uncontrolled Resource Consumption
CWE-611
- Improper Restriction of XML External Entity Reference
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125
- Out-of-bounds Read
CWE-125
- Out-of-bounds Read
CWE-476
- NULL Pointer Dereference
CWE-250
- Execution with Unnecessary Privileges
CWE-256
- Plaintext Storage of a Password
CWE-326
- Inadequate Encryption Strength
CWE-307
- Improper Restriction of Excessive Authentication Attempts
CWE-521
- Weak Password Requirements
CWE-269
- Improper Privilege Management
CWE-307
- Improper Restriction of Excessive Authentication Attempts
CWE-284
- Improper Access Control
CWE-524
- Use of Cache Containing Sensitive Information
CWE-358
- Improperly Implemented Security Check for Standard
CWE-125
- Out-of-bounds Read
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-863
- Incorrect Authorization
CWE-20
- Improper Input Validation
CWE-863
- Incorrect Authorization
CWE-20
- Improper Input Validation
CWE-488
- Exposure of Data Element to Wrong Session
CWE-532
- Insertion of Sensitive Information into Log File
References
59 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Spoofing\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "general",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087301.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-357412.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-417547.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-659443.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-716317.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-720392.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784301.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-856475.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-921449.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-08-13T09:21:28.381575Z",
"id": "NCSC-2024-0332",
"initial_release_date": "2024-08-13T09:21:28.381575Z",
"revision_history": [
{
"date": "2024-08-13T09:21:28.381575Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-4611",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4611.json"
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5180",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5180",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5180.json"
}
],
"title": "CVE-2023-5180"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Function Call With Incorrect Argument Type",
"title": "CWE-686"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5868",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5868.json"
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5869",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5869.json"
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-5870",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5870.json"
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Serializable Class Containing Sensitive Data",
"title": "CWE-499"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-6378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6378.json"
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-6481",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6481.json"
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-26495",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-26495",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26495.json"
}
],
"title": "CVE-2023-26495"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-31122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-31122.json"
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-34050",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34050.json"
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-39615",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39615.json"
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-42794",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42794.json"
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-42795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-43622",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43622.json"
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44321",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44321",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44321.json"
}
],
"title": "CVE-2023-44321"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-45648",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json"
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-45802",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45802.json"
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46120",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46120.json"
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46280.json"
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52426",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json"
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-420",
"name": "Unprotected Alternate Channel"
},
"notes": [
{
"category": "other",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-0056",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json"
}
],
"title": "CVE-2024-0056"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "other",
"text": "Privilege Dropping / Lowering Errors",
"title": "CWE-271"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-0985",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0985.json"
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-28757",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-30045",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-30045",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30045.json"
}
],
"title": "CVE-2024-30045"
},
{
"cve": "CVE-2024-32635",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32635",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32635.json"
}
],
"title": "CVE-2024-32635"
},
{
"cve": "CVE-2024-32636",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32636",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32636.json"
}
],
"title": "CVE-2024-32636"
},
{
"cve": "CVE-2024-32637",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-32637",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32637.json"
}
],
"title": "CVE-2024-32637"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-36398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36398.json"
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-39922",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "other",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39922",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39922.json"
}
],
"title": "CVE-2024-39922"
},
{
"cve": "CVE-2024-41681",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41681",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41681.json"
}
],
"title": "CVE-2024-41681"
},
{
"cve": "CVE-2024-41682",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41682",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41682.json"
}
],
"title": "CVE-2024-41682"
},
{
"cve": "CVE-2024-41683",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "other",
"text": "Weak Password Requirements",
"title": "CWE-521"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41683",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41683.json"
}
],
"title": "CVE-2024-41683"
},
{
"cve": "CVE-2024-41903",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41903",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41903.json"
}
],
"title": "CVE-2024-41903"
},
{
"cve": "CVE-2024-41904",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Excessive Authentication Attempts",
"title": "CWE-307"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41904",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41904.json"
}
],
"title": "CVE-2024-41904"
},
{
"cve": "CVE-2024-41905",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41905",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41905.json"
}
],
"title": "CVE-2024-41905"
},
{
"cve": "CVE-2024-41906",
"cwe": {
"id": "CWE-524",
"name": "Use of Cache Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41906",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41906.json"
}
],
"title": "CVE-2024-41906"
},
{
"cve": "CVE-2024-41907",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"notes": [
{
"category": "other",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41907",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41907.json"
}
],
"title": "CVE-2024-41907"
},
{
"cve": "CVE-2024-41908",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41908",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41908.json"
}
],
"title": "CVE-2024-41908"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41938",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41938.json"
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41939",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41939.json"
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41940",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41940.json"
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41941",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41941.json"
}
],
"title": "CVE-2024-41941"
},
{
"cve": "CVE-2024-41976",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41976.json"
}
],
"title": "CVE-2024-41976"
},
{
"cve": "CVE-2024-41977",
"cwe": {
"id": "CWE-488",
"name": "Exposure of Data Element to Wrong Session"
},
"notes": [
{
"category": "other",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41977",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41977.json"
}
],
"title": "CVE-2024-41977"
},
{
"cve": "CVE-2024-41978",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41978",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41978.json"
}
],
"title": "CVE-2024-41978"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…