Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45296 (GCVE-0-2024-45296)
Vulnerability from cvelistv5 – Published: 2024-09-09 19:07 – Updated: 2025-01-24 20:03
VLAI
EPSS
Title
path-to-regexp outputs backtracking regular expressions
Summary
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
Severity
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pillarjs/path-to-regexp/securi… | x_refsource_CONFIRM |
| https://github.com/pillarjs/path-to-regexp/commit… | x_refsource_MISC |
| https://github.com/pillarjs/path-to-regexp/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pillarjs | path-to-regexp |
Affected:
< 0.1.10
Affected: >= 0.2.0, < 8.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "path-to-regexp",
"vendor": "pillarjs",
"versions": [
{
"lessThan": "0.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.0.0",
"status": "affected",
"version": "0.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T19:32:57.513942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:38:12.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-24T20:03:07.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "path-to-regexp",
"vendor": "pillarjs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.10"
},
{
"status": "affected",
"version": "\u003e= 0.2.0, \u003c 8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:07:40.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
},
{
"name": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"name": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
}
],
"source": {
"advisory": "GHSA-9wv6-86v2-598j",
"discovery": "UNKNOWN"
},
"title": "path-to-regexp outputs backtracking regular expressions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45296",
"datePublished": "2024-09-09T19:07:40.313Z",
"dateReserved": "2024-08-26T18:25:35.442Z",
"dateUpdated": "2025-01-24T20:03:07.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45296",
"date": "2026-05-30",
"epss": "0.00066",
"percentile": "0.20562"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45296\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-09T19:15:13.330\",\"lastModified\":\"2025-01-24T20:15:32.680\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.\"},{\"lang\":\"es\",\"value\":\"path-to-regexp convierte cadenas de ruta en expresiones regulares. En ciertos casos, path-to-regexp generar\u00e1 una expresi\u00f3n regular que puede explotarse para generar un rendimiento deficiente. Debido a que JavaScript es de un solo subproceso y la coincidencia de expresiones regulares se ejecuta en el subproceso principal, un rendimiento deficiente bloquear\u00e1 el bucle de eventos y provocar\u00e1 un ataque de denegaci\u00f3n de servicio (DoS). La expresi\u00f3n regular incorrecta se genera cada vez que hay dos par\u00e1metros dentro de un solo segmento, separados por algo que no sea un punto (.). Para los usuarios de la versi\u00f3n 0.1, actualice a la versi\u00f3n 0.1.10. Todos los dem\u00e1s usuarios deben actualizar a la versi\u00f3n 8.0.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250124-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45296\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-09T19:32:57.513942Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*\"], \"vendor\": \"pillarjs\", \"product\": \"path-to-regexp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0.2.0\", \"lessThan\": \"8.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-09T19:38:02.181Z\"}}], \"cna\": {\"title\": \"path-to-regexp outputs backtracking regular expressions\", \"source\": {\"advisory\": \"GHSA-9wv6-86v2-598j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"pillarjs\", \"product\": \"path-to-regexp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.1.10\"}, {\"status\": \"affected\", \"version\": \"\u003e= 0.2.0, \u003c 8.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j\", \"name\": \"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f\", \"name\": \"https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6\", \"name\": \"https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333: Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-09T19:07:40.313Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45296\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-09T19:38:12.783Z\", \"dateReserved\": \"2024-08-26T18:25:35.442Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-09T19:07:40.313Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2025-0043
Vulnerability from csaf_certbund - Published: 2025-01-12 23:00 - Updated: 2025-03-17 23:00Summary
IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
References
10 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0043 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0043.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0043 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0043"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-01-12",
"url": "https://www.ibm.com/support/pages/node/7180725"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181570 vom 2025-01-24",
"url": "https://www.ibm.com/support/pages/node/7181570"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181915 vom 2025-01-29",
"url": "https://www.ibm.com/support/pages/node/7181915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0892 vom 2025-02-03",
"url": "https://access.redhat.com/errata/RHSA-2025:0892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1051 vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1051"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184092 vom 2025-02-25",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184955 vom 2025-03-06",
"url": "https://www.ibm.com/support/pages/node/7184955"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7186423 vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186423"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-17T23:00:00.000+00:00",
"generator": {
"date": "2025-03-18T09:12:53.448+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0043",
"initial_release_date": "2025-01-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-02T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "7",
"summary": "Produktzuordnung korrigiert"
},
{
"date": "2025-03-06T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.2.1",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.2.1",
"product_id": "T040605"
}
},
{
"category": "product_version",
"name": "13.0.2.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.2.1",
"product_id": "T040605-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.10",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.10",
"product_id": "T040606"
}
},
{
"category": "product_version",
"name": "12.0.12.10",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.10",
"product_id": "T040606-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.10"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Log Source Management App \u003c7.0.11",
"product": {
"name": "IBM QRadar SIEM Log Source Management App \u003c7.0.11",
"product_id": "T040117"
}
},
{
"category": "product_version",
"name": "Log Source Management App 7.0.11",
"product": {
"name": "IBM QRadar SIEM Log Source Management App 7.0.11",
"product_id": "T040117-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:log_source_management_app__7.0.11"
}
}
},
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T041207",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
},
{
"category": "product_version_range",
"name": "Data Synchronization App \u003c3.2.1",
"product": {
"name": "IBM QRadar SIEM Data Synchronization App \u003c3.2.1",
"product_id": "T041488"
}
},
{
"category": "product_version",
"name": "Data Synchronization App 3.2.1",
"product": {
"name": "IBM QRadar SIEM Data Synchronization App 3.2.1",
"product_id": "T041488-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:data_synchronization_app__3.2.1"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43788",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43788"
},
{
"cve": "CVE-2024-43796",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-47068",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47068"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-21536",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-21536"
},
{
"cve": "CVE-2024-21538",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-33883",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-33883"
},
{
"cve": "CVE-2024-37890",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-37890"
},
{
"cve": "CVE-2024-4067",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-4067"
},
{
"cve": "CVE-2024-4068",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45590",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45590"
},
{
"cve": "CVE-2024-48948",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-48949"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-55565",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-42459",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42459"
},
{
"cve": "CVE-2024-42460",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42460"
},
{
"cve": "CVE-2024-42461",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42461"
},
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47764"
}
]
}
WID-SEC-W-2025-0580
Vulnerability from csaf_certbund - Published: 2025-03-17 23:00 - Updated: 2025-08-21 22:00Summary
IBM License Metric Tool: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.
Angriff: Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder SSRF-Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM Rational Business Developer 9.7
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.7
|
9.7 | |
|
IBM Rational Business Developer 9.6
IBM / Rational Business Developer
|
cpe:/a:ibm:rational_business_developer:9.6
|
9.6 | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder SSRF-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0580 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0580 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186586"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2025-25184",
"url": "https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2024-52798",
"url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w"
},
{
"category": "external",
"summary": "HCL Article KB0120960 vom 2025-05-02",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120960"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7242813 vom 2025-08-21",
"url": "https://www.ibm.com/support/pages/node/7242813"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-21T22:00:00.000+00:00",
"generator": {
"date": "2025-08-22T07:46:14.099+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0580",
"initial_release_date": "2025-03-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Compliance",
"product": {
"name": "HCL BigFix Compliance",
"product_id": "T038823",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:compliance"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.39",
"product": {
"name": "IBM License Metric Tool \u003c9.2.39",
"product_id": "T041960"
}
},
{
"category": "product_version",
"name": "9.2.39",
"product": {
"name": "IBM License Metric Tool 9.2.39",
"product_id": "T041960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.39"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
},
{
"branches": [
{
"category": "product_version",
"name": "9.6",
"product": {
"name": "IBM Rational Business Developer 9.6",
"product_id": "T023629",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_business_developer:9.6"
}
}
},
{
"category": "product_version",
"name": "9.7",
"product": {
"name": "IBM Rational Business Developer 9.7",
"product_id": "T023630",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_business_developer:9.7"
}
}
}
],
"category": "product_name",
"name": "Rational Business Developer"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10917",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-10917"
},
{
"cve": "CVE-2024-12797",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-12797"
},
{
"cve": "CVE-2024-21208",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21217",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27111",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27111"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-25184",
"product_status": {
"known_affected": [
"T038823",
"T023630",
"T023629",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-25184"
}
]
}
WID-SEC-W-2026-0177
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-28 23:00Summary
Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, und um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0177 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0177.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0177 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0177"
},
{
"category": "external",
"summary": "Atlassian Support Security Bulletin vom 2026-01-20",
"url": "https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-28T23:00:00.000+00:00",
"generator": {
"date": "2026-01-29T07:51:12.449+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0177",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-4913"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c12.0.2",
"product": {
"name": "Atlassian Bamboo Data Center \u003c12.0.2",
"product_id": "T050227"
}
},
{
"category": "product_version",
"name": "Data Center 12.0.2",
"product": {
"name": "Atlassian Bamboo Data Center 12.0.2",
"product_id": "T050227-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__12.0.2"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.13",
"product": {
"name": "Atlassian Bamboo Data Center \u003c10.2.13",
"product_id": "T050228"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.13",
"product": {
"name": "Atlassian Bamboo Data Center 10.2.13",
"product_id": "T050228-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.13"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.6.21",
"product": {
"name": "Atlassian Bamboo Data Center \u003c9.6.21",
"product_id": "T050229"
}
},
{
"category": "product_version",
"name": "Data Center 9.6.21",
"product": {
"name": "Atlassian Bamboo Data Center 9.6.21",
"product_id": "T050229-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__9.6.21"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.1.1",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c10.1.1",
"product_id": "T050230"
}
},
{
"category": "product_version",
"name": "Data Center 10.1.1",
"product": {
"name": "Atlassian Bitbucket Data Center 10.1.1",
"product_id": "T050230-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.4.15",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c9.4.15",
"product_id": "T050231"
}
},
{
"category": "product_version",
"name": "Data Center 9.4.15",
"product": {
"name": "Atlassian Bitbucket Data Center 9.4.15",
"product_id": "T050231-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.15"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c8.19.26",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c8.19.26",
"product_id": "T050232"
}
},
{
"category": "product_version",
"name": "Data Center 8.19.26",
"product": {
"name": "Atlassian Bitbucket Data Center 8.19.26",
"product_id": "T050232-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__8.19.26"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.2",
"product": {
"name": "Atlassian Confluence Data Center \u003c10.2.2",
"product_id": "T050233"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.2",
"product": {
"name": "Atlassian Confluence Data Center 10.2.2",
"product_id": "T050233-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.2.13",
"product": {
"name": "Atlassian Confluence Data Center \u003c9.2.13",
"product_id": "T050234"
}
},
{
"category": "product_version",
"name": "Data Center 9.2.13",
"product": {
"name": "Atlassian Confluence Data Center 9.2.13",
"product_id": "T050234-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__9.2.13"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c11.3.0",
"product": {
"name": "Atlassian Jira Data Center \u003c11.3.0",
"product_id": "T050235"
}
},
{
"category": "product_version",
"name": "Data Center 11.3.0",
"product": {
"name": "Atlassian Jira Data Center 11.3.0",
"product_id": "T050235-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__11.3.0"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c11.2.1",
"product": {
"name": "Atlassian Jira Data Center \u003c11.2.1",
"product_id": "T050236"
}
},
{
"category": "product_version",
"name": "Data Center 11.2.1",
"product": {
"name": "Atlassian Jira Data Center 11.2.1",
"product_id": "T050236-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__11.2.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.3.16",
"product": {
"name": "Atlassian Jira Data Center \u003c10.3.16",
"product_id": "T050237"
}
},
{
"category": "product_version",
"name": "Data Center 10.3.16",
"product": {
"name": "Atlassian Jira Data Center 10.3.16",
"product_id": "T050237-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__10.3.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.12.26",
"product": {
"name": "Atlassian Jira \u003c9.12.26",
"product_id": "T050238"
}
},
{
"category": "product_version",
"name": "9.12.26",
"product": {
"name": "Atlassian Jira 9.12.26",
"product_id": "T050238-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:9.12.26"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2022-25883",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-25883"
},
{
"cve": "CVE-2022-45693",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2024-21538",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-38286",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2025-12383",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-15284",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-15284"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48976",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49146",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-49146"
},
{
"cve": "CVE-2025-52434",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52999",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53689",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-53689"
},
{
"cve": "CVE-2025-54988",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-55752",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-64775",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66516",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-9287",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9287"
},
{
"cve": "CVE-2025-9288",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9288"
},
{
"cve": "CVE-2026-21569",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21569"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…