Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-38999 (GCVE-0-2024-38999)
Vulnerability from cvelistv5 – Published: 2024-07-01 00:00 – Updated: 2024-08-02 04:19
VLAI
EPSS
Summary
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jrburke:requirejs:2.3.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "requirejs",
"vendor": "jrburke",
"versions": [
{
"status": "affected",
"version": "2.3.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38999",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T15:59:34.204957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T16:00:29.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T12:49:23.049Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38999",
"datePublished": "2024-07-01T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T04:19:20.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38999",
"date": "2026-06-06",
"epss": "0.00283",
"percentile": "0.52014"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38999\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-07-01T13:15:05.280\",\"lastModified\":\"2024-11-21T09:27:05.063\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 que jrburke requirejs v2.3.6 contiene un prototipo de contaminaci\u00f3n a trav\u00e9s de la funci\u00f3n s.contexts._.configure. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"references\":[{\"url\":\"https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:19:20.589Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38999\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-09T15:59:34.204957Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:jrburke:requirejs:2.3.6:*:*:*:*:*:*:*\"], \"vendor\": \"jrburke\", \"product\": \"requirejs\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3.6\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-09T16:00:22.273Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-07-01T12:49:23.049Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38999\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:19:20.589Z\", \"dateReserved\": \"2024-06-21T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-07-01T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2024:3771-1
Vulnerability from csaf_suse - Published: 2024-10-29 12:55 - Updated: 2024-10-29 12:55Summary
Security update for pgadmin4
Severity
Important
Notes
Title of the patch: Security update for pgadmin4
Description of the patch: This update for pgadmin4 fixes the following issues:
- CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967)
- CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248)
- CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252)
- CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs in axios (bsc#1229423)
- CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS) (bsc#1224366)
- CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to Memory Exhaustion (bsc#1224295)
- CVE-2024-43788: Fixed webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS (bsc#1229861)
- CVE-2024-48948: Fixed elliptic: ECDSA signature verification error due to leading zero may reject legitimate transactions in elliptic (bsc#1231684)
- CVE-2024-48949: Fixed elliptic: Missing Validation in Elliptic's EDDSA Signature Verification (bsc#1231564)
- CVE-2024-9014: Fixed OAuth2 issue that could lead to information leak (bsc#1230928)
Patchnames: SUSE-2024-3771,SUSE-SLE-Module-Python3-15-SP6-2024-3771,openSUSE-SLE-15.6-2024-3771
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2024-38355: Fixed socket.io: unhandled \u0027error\u0027 event (bsc#1226967)\n- CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248)\n- CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252)\n- CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs in axios (bsc#1229423)\n- CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS) (bsc#1224366)\n- CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to Memory Exhaustion (bsc#1224295)\n- CVE-2024-43788: Fixed webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS (bsc#1229861)\n- CVE-2024-48948: Fixed elliptic: ECDSA signature verification error due to leading zero may reject legitimate transactions in elliptic (bsc#1231684)\n- CVE-2024-48949: Fixed elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification (bsc#1231564)\n- CVE-2024-9014: Fixed OAuth2 issue that could lead to information leak (bsc#1230928)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3771,SUSE-SLE-Module-Python3-15-SP6-2024-3771,openSUSE-SLE-15.6-2024-3771",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3771-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3771-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243771-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3771-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019689.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1224366",
"url": "https://bugzilla.suse.com/1224366"
},
{
"category": "self",
"summary": "SUSE Bug 1226967",
"url": "https://bugzilla.suse.com/1226967"
},
{
"category": "self",
"summary": "SUSE Bug 1227248",
"url": "https://bugzilla.suse.com/1227248"
},
{
"category": "self",
"summary": "SUSE Bug 1227252",
"url": "https://bugzilla.suse.com/1227252"
},
{
"category": "self",
"summary": "SUSE Bug 1229423",
"url": "https://bugzilla.suse.com/1229423"
},
{
"category": "self",
"summary": "SUSE Bug 1229861",
"url": "https://bugzilla.suse.com/1229861"
},
{
"category": "self",
"summary": "SUSE Bug 1230928",
"url": "https://bugzilla.suse.com/1230928"
},
{
"category": "self",
"summary": "SUSE Bug 1231564",
"url": "https://bugzilla.suse.com/1231564"
},
{
"category": "self",
"summary": "SUSE Bug 1231684",
"url": "https://bugzilla.suse.com/1231684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38355 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38998 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43788 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9014/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2024-10-29T12:55:34Z",
"generator": {
"date": "2024-10-29T12:55:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3771-1",
"initial_release_date": "2024-10-29T12:55:34Z",
"revision_history": [
{
"date": "2024-10-29T12:55:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-8.5-150600.3.6.1.noarch",
"product": {
"name": "pgadmin4-8.5-150600.3.6.1.noarch",
"product_id": "pgadmin4-8.5-150600.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"product": {
"name": "pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"product_id": "pgadmin4-cloud-8.5-150600.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"product": {
"name": "pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"product_id": "pgadmin4-desktop-8.5-150600.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-doc-8.5-150600.3.6.1.noarch",
"product": {
"name": "pgadmin4-doc-8.5-150600.3.6.1.noarch",
"product_id": "pgadmin4-doc-8.5-150600.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"product_id": "pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "system-user-pgadmin-8.5-150600.3.6.1.noarch",
"product": {
"name": "system-user-pgadmin-8.5-150600.3.6.1.noarch",
"product_id": "system-user-pgadmin-8.5-150600.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.6.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.6.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.6.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-cloud-8.5-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-desktop-8.5-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch"
},
"product_reference": "pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38355"
}
],
"notes": [
{
"category": "general",
"text": "Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the \"error\" event to catch these errors.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38355",
"url": "https://www.suse.com/security/cve/CVE-2024-38355"
},
{
"category": "external",
"summary": "SUSE Bug 1226965 for CVE-2024-38355",
"url": "https://bugzilla.suse.com/1226965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-38355"
},
{
"cve": "CVE-2024-38998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38998"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38998",
"url": "https://www.suse.com/security/cve/CVE-2024-38998"
},
{
"category": "external",
"summary": "SUSE Bug 1227247 for CVE-2024-38998",
"url": "https://bugzilla.suse.com/1227247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38999"
}
],
"notes": [
{
"category": "general",
"text": "jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38999",
"url": "https://www.suse.com/security/cve/CVE-2024-38999"
},
{
"category": "external",
"summary": "SUSE Bug 1227251 for CVE-2024-38999",
"url": "https://bugzilla.suse.com/1227251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-39338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39338"
}
],
"notes": [
{
"category": "general",
"text": "axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39338",
"url": "https://www.suse.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "SUSE Bug 1229421 for CVE-2024-39338",
"url": "https://bugzilla.suse.com/1229421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4067"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4067",
"url": "https://www.suse.com/security/cve/CVE-2024-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1224255 for CVE-2024-4067",
"url": "https://bugzilla.suse.com/1224255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-4067"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-43788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43788"
}
],
"notes": [
{
"category": "general",
"text": "Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack\u0027s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43788",
"url": "https://www.suse.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "SUSE Bug 1229860 for CVE-2024-43788",
"url": "https://bugzilla.suse.com/1229860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-43788"
},
{
"cve": "CVE-2024-48948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48948"
}
],
"notes": [
{
"category": "general",
"text": "The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve\u0027s base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48948",
"url": "https://www.suse.com/security/cve/CVE-2024-48948"
},
{
"category": "external",
"summary": "SUSE Bug 1231681 for CVE-2024-48948",
"url": "https://bugzilla.suse.com/1231681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48949"
}
],
"notes": [
{
"category": "general",
"text": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48949",
"url": "https://www.suse.com/security/cve/CVE-2024-48949"
},
{
"category": "external",
"summary": "SUSE Bug 1231557 for CVE-2024-48949",
"url": "https://bugzilla.suse.com/1231557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-48949"
},
{
"cve": "CVE-2024-9014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9014"
}
],
"notes": [
{
"category": "general",
"text": "pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9014",
"url": "https://www.suse.com/security/cve/CVE-2024-9014"
},
{
"category": "external",
"summary": "SUSE Bug 1230928 for CVE-2024-9014",
"url": "https://bugzilla.suse.com/1230928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.6.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-29T12:55:34Z",
"details": "important"
}
],
"title": "CVE-2024-9014"
}
]
}
WID-SEC-W-2024-3191
Vulnerability from csaf_certbund - Published: 2024-10-15 22:00 - Updated: 2025-09-30 22:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <132.0.0
cPanel / cPanel/WHM
|
<132.0.0 | ||
|
Oracle Fusion Middleware 11.1.1.5.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:11.1.1.5.0
|
11.1.1.5.0 | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3191 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3191.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3191 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3191"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Fusion Middleware vom 2024-10-15",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixFMW"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7175917 vom 2025-02-28",
"url": "https://www.ibm.com/support/pages/node/7175917"
},
{
"category": "external",
"summary": "cPanel 132 Change Log vom 2025-10-01",
"url": "https://docs.cpanel.net/changelogs/132-change-log/"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-30T22:00:00.000+00:00",
"generator": {
"date": "2025-10-01T06:52:12.370+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-3191",
"initial_release_date": "2024-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-30T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM FileNet Content Manager",
"product": {
"name": "IBM FileNet Content Manager",
"product_id": "T025993",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.1.1.5.0",
"product": {
"name": "Oracle Fusion Middleware 11.1.1.5.0",
"product_id": "150102",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:11.1.1.5.0"
}
}
},
{
"category": "product_version",
"name": "12.2.1.3.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product_id": "618028",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
}
}
},
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c132.0.0",
"product": {
"name": "cPanel cPanel/WHM \u003c132.0.0",
"product_id": "T047273"
}
},
{
"category": "product_version",
"name": "132.0.0",
"product": {
"name": "cPanel cPanel/WHM 132.0.0",
"product_id": "T047273-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:132.0.0"
}
}
}
],
"category": "product_name",
"name": "cPanel/WHM"
}
],
"category": "vendor",
"name": "cPanel"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11023",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-17521",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2023-35116",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2023-39743",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-39743"
},
{
"cve": "CVE-2023-4759",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2023-51775",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2024-21190",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21190"
},
{
"cve": "CVE-2024-21191",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21191"
},
{
"cve": "CVE-2024-21192",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21192"
},
{
"cve": "CVE-2024-21205",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21205"
},
{
"cve": "CVE-2024-21215",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21215"
},
{
"cve": "CVE-2024-21216",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21216"
},
{
"cve": "CVE-2024-21234",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21234"
},
{
"cve": "CVE-2024-21246",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21246"
},
{
"cve": "CVE-2024-21260",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21260"
},
{
"cve": "CVE-2024-21274",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21274"
},
{
"cve": "CVE-2024-22201",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22262",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23807",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-24549",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-2511",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-25269",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-25269"
},
{
"cve": "CVE-2024-28182",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-29131",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-29131"
},
{
"cve": "CVE-2024-36052",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-36052"
},
{
"cve": "CVE-2024-38999",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-45492",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-6345",
"product_status": {
"known_affected": [
"T047273",
"150102",
"T025993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-6345"
}
]
}
WID-SEC-W-2025-0647
Vulnerability from csaf_certbund - Published: 2025-03-26 23:00 - Updated: 2025-11-18 23:00Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben, Daten zu manipulieren, Code auszuführen, einen Denial-of-Service-Zustand zu verursachen und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning <5.2.0
Splunk / Splunk Enterprise
|
SplunkApp Data Science and Deep Learning <5.2.0 | ||
|
Splunk Splunk Enterprise Spunk DB Connect <4.0.0
Splunk / Splunk Enterprise
|
Spunk DB Connect <4.0.0 | ||
|
Splunk Splunk Enterprise SplunkApp Lookup File Editing <4.0.5
Splunk / Splunk Enterprise
|
SplunkApp Lookup File Editing <4.0.5 | ||
|
Splunk Splunk Enterprise <9.3.4
Splunk / Splunk Enterprise
|
<9.3.4 | ||
|
Splunk Splunk Enterprise <9.4.2
Splunk / Splunk Enterprise
|
<9.4.2 | ||
|
Splunk Splunk Enterprise <9.2.6
Splunk / Splunk Enterprise
|
<9.2.6 | ||
|
Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud <5.4.3
Splunk / Splunk Enterprise
|
Splunk Add-on Microsoft Cloud <5.4.3 | ||
|
Splunk Splunk Enterprise <9.1.9
Splunk / Splunk Enterprise
|
<9.1.9 | ||
|
Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on <1.2.7
Splunk / Splunk Enterprise
|
Splunk Infrastructure Monitoring Add-on <1.2.7 | ||
|
Splunk Splunk Enterprise <9.4.0
Splunk / Splunk Enterprise
|
<9.4.0 | ||
|
Splunk Splunk Enterprise <9.3.3
Splunk / Splunk Enterprise
|
<9.3.3 | ||
|
Atlassian Jira <10.7.2
Atlassian / Jira
|
<10.7.2 | ||
|
Splunk Splunk Enterprise <9.2.5
Splunk / Splunk Enterprise
|
<9.2.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Splunk Splunk Enterprise <9.1.8
Splunk / Splunk Enterprise
|
<9.1.8 | ||
|
Atlassian Jira <9.12.25 (LTS)
Atlassian / Jira
|
<9.12.25 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Splunk Splunk Enterprise <9.4.1
Splunk / Splunk Enterprise
|
<9.4.1 | ||
|
Atlassian Jira <10.3.8 (LTS)
Atlassian / Jira
|
<10.3.8 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Daten zu manipulieren, Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0647 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0647.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0647 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0647"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0301 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0301"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0302 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0302"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0303 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0303"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0304 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0304"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0305 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0305"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0306 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0306"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0307 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0307"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0310 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0310"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0308 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0308"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0309 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0309"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0311 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0311"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0312 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0312"
},
{
"category": "external",
"summary": "Splunk Vulnerability Disclosure SVD-2025-0313 vom 2025-03-26",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0313"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2025-0603 vom 2025-06-02",
"url": "https://advisory.splunk.com//advisories/SVD-2025-0603"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - July 15 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-july-15-2025-1590658642.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:37:12.481+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-0647",
"initial_release_date": "2025-03-26T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-26T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.7.2",
"product": {
"name": "Atlassian Jira \u003c10.7.2",
"product_id": "T045453"
}
},
{
"category": "product_version",
"name": "10.7.2",
"product": {
"name": "Atlassian Jira 10.7.2",
"product_id": "T045453-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.7.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.3.8 (LTS)",
"product": {
"name": "Atlassian Jira \u003c10.3.8 (LTS)",
"product_id": "T045454"
}
},
{
"category": "product_version",
"name": "10.3.8 (LTS)",
"product": {
"name": "Atlassian Jira 10.3.8 (LTS)",
"product_id": "T045454-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.3.8_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.12.25 (LTS)",
"product": {
"name": "Atlassian Jira \u003c9.12.25 (LTS)",
"product_id": "T045455"
}
},
{
"category": "product_version",
"name": "9.12.25 (LTS)",
"product": {
"name": "Atlassian Jira 9.12.25 (LTS)",
"product_id": "T045455-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:9.12.25_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.0",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.0",
"product_id": "T042184"
}
},
{
"category": "product_version",
"name": "9.4.0",
"product": {
"name": "Splunk Splunk Enterprise 9.4.0",
"product_id": "T042184-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.3",
"product_id": "T042185"
}
},
{
"category": "product_version",
"name": "9.3.3",
"product": {
"name": "Splunk Splunk Enterprise 9.3.3",
"product_id": "T042185-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.5",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.5",
"product_id": "T042186"
}
},
{
"category": "product_version",
"name": "9.2.5",
"product": {
"name": "Splunk Splunk Enterprise 9.2.5",
"product_id": "T042186-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.8",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.8",
"product_id": "T042187"
}
},
{
"category": "product_version",
"name": "9.1.8",
"product": {
"name": "Splunk Splunk Enterprise 9.1.8",
"product_id": "T042187-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.1",
"product_id": "T042188"
}
},
{
"category": "product_version",
"name": "9.4.1",
"product": {
"name": "Splunk Splunk Enterprise 9.4.1",
"product_id": "T042188-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.1"
}
}
},
{
"category": "product_version_range",
"name": "SplunkApp Lookup File Editing \u003c4.0.5",
"product": {
"name": "Splunk Splunk Enterprise SplunkApp Lookup File Editing \u003c4.0.5",
"product_id": "T042189"
}
},
{
"category": "product_version",
"name": "SplunkApp Lookup File Editing 4.0.5",
"product": {
"name": "Splunk Splunk Enterprise SplunkApp Lookup File Editing 4.0.5",
"product_id": "T042189-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:splunkapp_lookup_file_editing__4.0.5"
}
}
},
{
"category": "product_version_range",
"name": "SplunkApp Data Science and Deep Learning \u003c5.2.0",
"product": {
"name": "Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning \u003c5.2.0",
"product_id": "T042190"
}
},
{
"category": "product_version",
"name": "SplunkApp Data Science and Deep Learning 5.2.0",
"product": {
"name": "Splunk Splunk Enterprise SplunkApp Data Science and Deep Learning 5.2.0",
"product_id": "T042190-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:splunkapp_data_science_and_deep_learning__5.2.0"
}
}
},
{
"category": "product_version_range",
"name": "Spunk DB Connect \u003c4.0.0",
"product": {
"name": "Splunk Splunk Enterprise Spunk DB Connect \u003c4.0.0",
"product_id": "T042191"
}
},
{
"category": "product_version",
"name": "Spunk DB Connect 4.0.0",
"product": {
"name": "Splunk Splunk Enterprise Spunk DB Connect 4.0.0",
"product_id": "T042191-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:spunk_db_connect__4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "Splunk Add-on Microsoft Cloud \u003c5.4.3",
"product": {
"name": "Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud \u003c5.4.3",
"product_id": "T042192"
}
},
{
"category": "product_version",
"name": "Splunk Add-on Microsoft Cloud 5.4.3",
"product": {
"name": "Splunk Splunk Enterprise Splunk Add-on Microsoft Cloud 5.4.3",
"product_id": "T042192-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:splunk_add-on_microsoft_cloud__5.4.3"
}
}
},
{
"category": "product_version_range",
"name": "Splunk Infrastructure Monitoring Add-on \u003c1.2.7",
"product": {
"name": "Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on \u003c1.2.7",
"product_id": "T042194"
}
},
{
"category": "product_version",
"name": "Splunk Infrastructure Monitoring Add-on 1.2.7",
"product": {
"name": "Splunk Splunk Enterprise Splunk Infrastructure Monitoring Add-on 1.2.7",
"product_id": "T042194-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:splunk_infrastructure_monitoring_add-on__1.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.2",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.2",
"product_id": "T044257"
}
},
{
"category": "product_version",
"name": "9.4.2",
"product": {
"name": "Splunk Splunk Enterprise 9.4.2",
"product_id": "T044257-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.4",
"product_id": "T044258"
}
},
{
"category": "product_version",
"name": "9.3.4",
"product": {
"name": "Splunk Splunk Enterprise 9.3.4",
"product_id": "T044258-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.6",
"product_id": "T044259"
}
},
{
"category": "product_version",
"name": "9.2.6",
"product": {
"name": "Splunk Splunk Enterprise 9.2.6",
"product_id": "T044259-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.9",
"product_id": "T044260"
}
},
{
"category": "product_version",
"name": "9.1.9",
"product": {
"name": "Splunk Splunk Enterprise 9.1.9",
"product_id": "T044260-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.9"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-20230",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20230"
},
{
"cve": "CVE-2025-20227",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20227"
},
{
"cve": "CVE-2025-20228",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20228"
},
{
"cve": "CVE-2025-20229",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20229"
},
{
"cve": "CVE-2025-20231",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20231"
},
{
"cve": "CVE-2025-20226",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20226"
},
{
"cve": "CVE-2025-20232",
"product_status": {
"known_affected": [
"T044258",
"T044257",
"T044259",
"T044260",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20232"
},
{
"cve": "CVE-2025-20233",
"product_status": {
"known_affected": [
"T042189",
"T044258",
"T044257",
"T044259",
"T044260",
"T045453",
"T048677",
"T045455",
"T048676",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2025-20233"
},
{
"cve": "CVE-2023-5363",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2024-21090",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-21090"
},
{
"cve": "CVE-2024-21272",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-21272"
},
{
"cve": "CVE-2024-2511",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-29857",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-3651",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-38999",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-39338",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-4603",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-6923",
"product_status": {
"known_affected": [
"T042190",
"T042191",
"T042189",
"T044258",
"T044257",
"T044259",
"T042192",
"T044260",
"T042194",
"T042184",
"T042185",
"T045453",
"T042186",
"T048677",
"T042187",
"T045455",
"T048676",
"T042188",
"T045454",
"T048675"
]
},
"release_date": "2025-03-26T23:00:00.000+00:00",
"title": "CVE-2024-6923"
}
]
}
WID-SEC-W-2025-1887
Vulnerability from csaf_certbund - Published: 2025-08-21 22:00 - Updated: 2025-11-18 23:00Summary
cPanel cPanel/WHM: Mehrere Schwachstellen ermöglichen Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: cPanel ist eine Software für die Verwaltung von Webhosting Auftritten. Die Software ermöglicht es dem Endanwender, Statistiken einzusehen, neue Benutzeraccounts anzulegen, Maileinstellungen zu verändern und vieles mehr.
Angriff: Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in cPanel cPanel/WHM ausnutzen, um beliebigen Code auszuführen, Speicherbeschädigungen zu verursachen, einen Denial-of-Service-Zustand herbeizuführen oder andere nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <130.0.6
cPanel / cPanel/WHM
|
<130.0.6 | ||
|
cPanel cPanel/WHM <128.0.19
cPanel / cPanel/WHM
|
<128.0.19 | ||
|
cPanel cPanel/WHM <130.0.5
cPanel / cPanel/WHM
|
<130.0.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cPanel cPanel/WHM <118.0.53
cPanel / cPanel/WHM
|
<118.0.53 | ||
|
cPanel cPanel/WHM <126.0.28
cPanel / cPanel/WHM
|
<126.0.28 | ||
|
cPanel cPanel/WHM <110.0.71
cPanel / cPanel/WHM
|
<110.0.71 | ||
|
cPanel cPanel/WHM <130.0.6
cPanel / cPanel/WHM
|
<130.0.6 | ||
|
cPanel cPanel/WHM <128.0.18
cPanel / cPanel/WHM
|
<128.0.18 | ||
|
cPanel cPanel/WHM <128.0.19
cPanel / cPanel/WHM
|
<128.0.19 | ||
|
cPanel cPanel/WHM <130.0.5
cPanel / cPanel/WHM
|
<130.0.5 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
9 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "cPanel ist eine Software f\u00fcr die Verwaltung von Webhosting Auftritten. Die Software erm\u00f6glicht es dem Endanwender, Statistiken einzusehen, neue Benutzeraccounts anzulegen, Maileinstellungen zu ver\u00e4ndern und vieles mehr.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in cPanel cPanel/WHM ausnutzen, um beliebigen Code auszuf\u00fchren, Speicherbesch\u00e4digungen zu verursachen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1887 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1887.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1887 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1887"
},
{
"category": "external",
"summary": "cPanel 110 Change Log vom 2025-08-21",
"url": "https://docs.cpanel.net/changelogs/110-change-log/"
},
{
"category": "external",
"summary": "cPanel 118 Change Log vom 2025-08-21",
"url": "https://docs.cpanel.net/changelogs/118-change-log/"
},
{
"category": "external",
"summary": "cPanel 126 Change Log vom 2025-08-21",
"url": "https://docs.cpanel.net/changelogs/126-change-log/"
},
{
"category": "external",
"summary": "cPanel 128 Change Log vom 2025-08-21",
"url": "https://docs.cpanel.net/changelogs/128-change-log/"
},
{
"category": "external",
"summary": "cPanel 130 Change Log vom 2025-08-21",
"url": "https://docs.cpanel.net/changelogs/130-change-log/"
},
{
"category": "external",
"summary": "cPanel Change Log vom 2025-09-04",
"url": "https://docs.cpanel.net/changelogs/128-change-log/"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "cPanel cPanel/WHM: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:37:10.509+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1887",
"initial_release_date": "2025-08-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c110.0.71",
"product": {
"name": "cPanel cPanel/WHM \u003c110.0.71",
"product_id": "T046414"
}
},
{
"category": "product_version",
"name": "110.0.71",
"product": {
"name": "cPanel cPanel/WHM 110.0.71",
"product_id": "T046414-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:110.0.71"
}
}
},
{
"category": "product_version_range",
"name": "\u003c118.0.53",
"product": {
"name": "cPanel cPanel/WHM \u003c118.0.53",
"product_id": "T046415"
}
},
{
"category": "product_version",
"name": "118.0.53",
"product": {
"name": "cPanel cPanel/WHM 118.0.53",
"product_id": "T046415-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:118.0.53"
}
}
},
{
"category": "product_version_range",
"name": "\u003c126.0.28",
"product": {
"name": "cPanel cPanel/WHM \u003c126.0.28",
"product_id": "T046416"
}
},
{
"category": "product_version",
"name": "126.0.28",
"product": {
"name": "cPanel cPanel/WHM 126.0.28",
"product_id": "T046416-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:126.0.28"
}
}
},
{
"category": "product_version_range",
"name": "\u003c128.0.18",
"product": {
"name": "cPanel cPanel/WHM \u003c128.0.18",
"product_id": "T046417"
}
},
{
"category": "product_version",
"name": "128.0.18",
"product": {
"name": "cPanel cPanel/WHM 128.0.18",
"product_id": "T046417-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:128.0.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c130.0.5",
"product": {
"name": "cPanel cPanel/WHM \u003c130.0.5",
"product_id": "T046418"
}
},
{
"category": "product_version",
"name": "130.0.5",
"product": {
"name": "cPanel cPanel/WHM 130.0.5",
"product_id": "T046418-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:130.0.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c130.0.6",
"product": {
"name": "cPanel cPanel/WHM \u003c130.0.6",
"product_id": "T046419"
}
},
{
"category": "product_version",
"name": "130.0.6",
"product": {
"name": "cPanel cPanel/WHM 130.0.6",
"product_id": "T046419-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:130.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c128.0.19",
"product": {
"name": "cPanel cPanel/WHM \u003c128.0.19",
"product_id": "T046714"
}
},
{
"category": "product_version",
"name": "128.0.19",
"product": {
"name": "cPanel cPanel/WHM 128.0.19",
"product_id": "T046714-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:128.0.19"
}
}
}
],
"category": "product_name",
"name": "cPanel/WHM"
}
],
"category": "vendor",
"name": "cPanel"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38999",
"product_status": {
"known_affected": [
"T046419",
"T046714",
"T046418",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2025-08-21T22:00:00.000+00:00",
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2025-6965",
"product_status": {
"known_affected": [
"T046415",
"T046416",
"T046414",
"T046419",
"T046417",
"T046714",
"T046418",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2025-08-21T22:00:00.000+00:00",
"title": "CVE-2025-6965"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…