Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-48949 (GCVE-0-2024-48949)
Vulnerability from cvelistv5 – Published: 2024-10-10 00:00 – Updated: 2025-11-25 15:42
VLAI
EPSS
VEX
Summary
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:20:12.636633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:10:41.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-27T16:03:06.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T15:42:12.721Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281"
},
{
"url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6"
},
{
"url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-48949",
"datePublished": "2024-10-10T00:00:00.000Z",
"dateReserved": "2024-10-10T00:00:00.000Z",
"dateUpdated": "2025-11-25T15:42:12.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-48949",
"date": "2026-07-14",
"epss": "0.00507",
"percentile": "0.39761"
},
"microsoft_vex": {
"current_release_date": "2026-02-18T14:07:28.000Z",
"cve": "CVE-2024-48949",
"id": "msrc_CVE-2024-48949",
"initial_release_date": "2024-10-01T07:00:00.000Z",
"product_status:fixed": "2",
"product_status:known_affected": "2",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-48949.json",
"version": "4"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-48949\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-10-10T01:15:11.127\",\"lastModified\":\"2026-06-17T07:59:06.177\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \\\"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\\\" validation.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n de verificaci\u00f3n en lib/elliptic/eddsa/index.js en el paquete Elliptic anterior a 6.5.6 para Node.js omite la validaci\u00f3n \\\"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\\\".\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-10-10T20:20:12.636633Z\",\"id\":\"CVE-2024-48949\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:indutny:elliptic:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"6.5.6\",\"matchCriteriaId\":\"C0C41343-E02F-4FD7-A270-FDB27E36AC85\"}]}]}],\"references\":[{\"url\":\"https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20241227-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-06-29T20:24:24+00:00",
"cve": "CVE-2024-48949",
"id": "CVE-2024-48949",
"initial_release_date": "2024-10-10T00:00:00+00:00",
"product_status:fixed": "750",
"product_status:known_affected": "28",
"product_status:known_not_affected": "912",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48949.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20241227-0003/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-12-27T16:03:06.432Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-48949\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-10T20:20:12.636633Z\"}}}, {\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347 Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-10T20:21:12.988Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281\"}, {\"url\": \"https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6\"}, {\"url\": \"https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \\\"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\\\" validation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-11-25T15:42:12.721Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-48949\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-25T15:42:12.721Z\", \"dateReserved\": \"2024-10-10T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-10-10T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2024-3148
Vulnerability from csaf_certbund - Published: 2024-10-10 22:00 - Updated: 2025-11-24 23:00Summary
Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen nicht spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux Advanced Cluster Management <2.11.3
Red Hat / Enterprise Linux
|
Advanced Cluster Management <2.11.3 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift multicluster engine for Kubernetes <2.3.8
Red Hat / OpenShift
|
multicluster engine for Kubernetes <2.3.8 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux Advanced Cluster Management <2.11.3
Red Hat / Enterprise Linux
|
Advanced Cluster Management <2.11.3 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift multicluster engine for Kubernetes <2.3.8
Red Hat / OpenShift
|
multicluster engine for Kubernetes <2.3.8 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux Advanced Cluster Management <2.11.3
Red Hat / Enterprise Linux
|
Advanced Cluster Management <2.11.3 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift multicluster engine for Kubernetes <2.3.8
Red Hat / OpenShift
|
multicluster engine for Kubernetes <2.3.8 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux Advanced Cluster Management <2.11.3
Red Hat / Enterprise Linux
|
Advanced Cluster Management <2.11.3 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift multicluster engine for Kubernetes <2.3.8
Red Hat / OpenShift
|
multicluster engine for Kubernetes <2.3.8 |
References
23 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3148 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3148.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3148 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3148"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7994"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-6955BCC801 vom 2024-10-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-6955bcc801"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-B0FC600C3C vom 2024-10-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-b0fc600c3c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-362915851C vom 2024-10-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-362915851c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-D79685D847 vom 2024-10-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d79685d847"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-66B0BDAD35 vom 2024-10-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-66b0bdad35"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-65994E5CBF vom 2024-10-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-65994e5cbf"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-78DF19AAF3 vom 2024-10-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-78df19aaf3"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14403-1 vom 2024-10-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/M7BG5WQRKJLY2OVHOL5KXFLQGUMAI2OC/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8351 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8351"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8507 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8507"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8546 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8546"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8533 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8533"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8974 vom 2024-11-06",
"url": "https://access.redhat.com/errata/RHSA-2024:8974"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10179 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:10179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10183 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:10183"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8233 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:8233"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8078 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:8078"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10853 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:10853"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9294 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9294"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8512 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:8512"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-24T23:00:00.000+00:00",
"generator": {
"date": "2025-11-25T12:37:14.947+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3148",
"initial_release_date": "2024-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T023632",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T033359",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version_range",
"name": "Advanced Cluster Management \u003c2.11.3",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Management \u003c2.11.3",
"product_id": "T038259"
}
},
{
"category": "product_version",
"name": "Advanced Cluster Management 2.11.3",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Management 2.11.3",
"product_id": "T038259-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_management__2.11.3"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "multicluster engine for Kubernetes \u003c2.3.8",
"product": {
"name": "Red Hat OpenShift multicluster engine for Kubernetes \u003c2.3.8",
"product_id": "T039389"
}
},
{
"category": "product_version",
"name": "multicluster engine for Kubernetes 2.3.8",
"product": {
"name": "Red Hat OpenShift multicluster engine for Kubernetes 2.3.8",
"product_id": "T039389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:multicluster_engine_for_kubernetes__2.3.8"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-42459",
"product_status": {
"known_affected": [
"T033359",
"T023632",
"67646",
"T027843",
"T038259",
"74185",
"T039389"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-42459"
},
{
"cve": "CVE-2024-42460",
"product_status": {
"known_affected": [
"T033359",
"T023632",
"67646",
"T027843",
"T038259",
"74185",
"T039389"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-42460"
},
{
"cve": "CVE-2024-42461",
"product_status": {
"known_affected": [
"T033359",
"T023632",
"67646",
"T027843",
"T038259",
"74185",
"T039389"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-42461"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"T033359",
"T023632",
"67646",
"T027843",
"T038259",
"74185",
"T039389"
]
},
"release_date": "2024-10-10T22:00:00.000+00:00",
"title": "CVE-2024-48949"
}
]
}
WID-SEC-W-2024-3285
Vulnerability from csaf_certbund - Published: 2024-10-27 23:00 - Updated: 2025-03-02 23:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Cognos Analytics mobile(iOS)
IBM / Cognos Analytics
|
cpe:/a:ibm:cognos_analytics:mobile%28ios%29
|
mobile(iOS) | |
|
IBM App Connect Enterprise Certified Container <12.0
IBM / App Connect Enterprise
|
Certified Container <12.0 | ||
|
IBM App Connect Enterprise Certified Container <11.6.0
IBM / App Connect Enterprise
|
Certified Container <11.6.0 | ||
|
IBM App Connect Enterprise mobile(android)
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:mobile%28android%29
|
mobile(android) |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Cognos Analytics mobile(iOS)
IBM / Cognos Analytics
|
cpe:/a:ibm:cognos_analytics:mobile%28ios%29
|
mobile(iOS) | |
|
IBM App Connect Enterprise Certified Container <12.0
IBM / App Connect Enterprise
|
Certified Container <12.0 | ||
|
IBM App Connect Enterprise Certified Container <11.6.0
IBM / App Connect Enterprise
|
Certified Container <11.6.0 | ||
|
IBM App Connect Enterprise mobile(android)
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:mobile%28android%29
|
mobile(android) |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3285 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3285.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3285 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3285"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-10-27",
"url": "https://www.ibm.com/support/pages/node/7174116"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184429 vom 2025-03-02",
"url": "https://www.ibm.com/support/pages/node/7184429"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184430 vom 2025-03-02",
"url": "https://www.ibm.com/support/pages/node/7184430"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-03-02T23:00:00.000+00:00",
"generator": {
"date": "2025-03-03T11:44:19.323+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-3285",
"initial_release_date": "2024-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Certified Container \u003c11.6.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container \u003c11.6.0",
"product_id": "T038623"
}
},
{
"category": "product_version",
"name": "Certified Container 11.6.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container 11.6.0",
"product_id": "T038623-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container__11.6.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container \u003c12.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container \u003c12.0",
"product_id": "T038624"
}
},
{
"category": "product_version",
"name": "Certified Container 12.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container 12.0",
"product_id": "T038624-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container__12.0"
}
}
},
{
"category": "product_version",
"name": "mobile(android)",
"product": {
"name": "IBM App Connect Enterprise mobile(android)",
"product_id": "T041496",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:mobile%28android%29"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "mobile(iOS)",
"product": {
"name": "IBM Cognos Analytics mobile(iOS)",
"product_id": "T041495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:mobile%28ios%29"
}
}
}
],
"category": "product_name",
"name": "Cognos Analytics"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-48948",
"product_status": {
"known_affected": [
"T041495",
"T038624",
"T038623",
"T041496"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"T041495",
"T038624",
"T038623",
"T041496"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-48949"
}
]
}
WID-SEC-W-2024-3542
Vulnerability from csaf_certbund - Published: 2024-11-25 23:00 - Updated: 2026-02-05 23:00Summary
Red Hat OpenShift: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
10 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3542 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3542.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3542 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3542"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10236 vom 2024-11-25",
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10857 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10865 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0664 vom 2025-01-23",
"url": "https://access.redhat.com/errata/RHSA-2025:0664"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1942 vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2172 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-05T23:00:00.000+00:00",
"generator": {
"date": "2026-02-06T09:59:55.336+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3542",
"initial_release_date": "2024-11-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: EUVD-2025-29356, EUVD-2025-29357"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Dev Spaces \u003c3.17",
"product": {
"name": "Red Hat OpenShift Dev Spaces \u003c3.17",
"product_id": "T039431"
}
},
{
"category": "product_version",
"name": "Dev Spaces 3.17",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.17",
"product_id": "T039431-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:dev_spaces__3.17"
}
}
},
{
"category": "product_version_range",
"name": "Serverless Logic \u003c1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic \u003c1.35.0",
"product_id": "T040597"
}
},
{
"category": "product_version",
"name": "Serverless Logic 1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic 1.35.0",
"product_id": "T040597-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:serverless_logic__1.35.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42282",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2023-42282"
},
{
"cve": "CVE-2024-29415",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-29415"
},
{
"cve": "CVE-2024-21534",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-21534"
},
{
"cve": "CVE-2024-34156",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-34156"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45813",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-45813"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-48949"
}
]
}
WID-SEC-W-2025-0043
Vulnerability from csaf_certbund - Published: 2025-01-12 23:00 - Updated: 2025-03-17 23:00Summary
IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
References
10 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0043 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0043.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0043 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0043"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-01-12",
"url": "https://www.ibm.com/support/pages/node/7180725"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181570 vom 2025-01-24",
"url": "https://www.ibm.com/support/pages/node/7181570"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181915 vom 2025-01-29",
"url": "https://www.ibm.com/support/pages/node/7181915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0892 vom 2025-02-03",
"url": "https://access.redhat.com/errata/RHSA-2025:0892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1051 vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1051"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184092 vom 2025-02-25",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184955 vom 2025-03-06",
"url": "https://www.ibm.com/support/pages/node/7184955"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7186423 vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186423"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-17T23:00:00.000+00:00",
"generator": {
"date": "2025-03-18T09:12:53.448+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0043",
"initial_release_date": "2025-01-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-02T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "7",
"summary": "Produktzuordnung korrigiert"
},
{
"date": "2025-03-06T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.2.1",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.2.1",
"product_id": "T040605"
}
},
{
"category": "product_version",
"name": "13.0.2.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.2.1",
"product_id": "T040605-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.10",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.10",
"product_id": "T040606"
}
},
{
"category": "product_version",
"name": "12.0.12.10",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.10",
"product_id": "T040606-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.10"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Log Source Management App \u003c7.0.11",
"product": {
"name": "IBM QRadar SIEM Log Source Management App \u003c7.0.11",
"product_id": "T040117"
}
},
{
"category": "product_version",
"name": "Log Source Management App 7.0.11",
"product": {
"name": "IBM QRadar SIEM Log Source Management App 7.0.11",
"product_id": "T040117-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:log_source_management_app__7.0.11"
}
}
},
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T041207",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
},
{
"category": "product_version_range",
"name": "Data Synchronization App \u003c3.2.1",
"product": {
"name": "IBM QRadar SIEM Data Synchronization App \u003c3.2.1",
"product_id": "T041488"
}
},
{
"category": "product_version",
"name": "Data Synchronization App 3.2.1",
"product": {
"name": "IBM QRadar SIEM Data Synchronization App 3.2.1",
"product_id": "T041488-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:data_synchronization_app__3.2.1"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43788",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43788"
},
{
"cve": "CVE-2024-43796",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-47068",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47068"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-21536",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-21536"
},
{
"cve": "CVE-2024-21538",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-33883",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-33883"
},
{
"cve": "CVE-2024-37890",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-37890"
},
{
"cve": "CVE-2024-4067",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-4067"
},
{
"cve": "CVE-2024-4068",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45590",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45590"
},
{
"cve": "CVE-2024-48948",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-48949"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-55565",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-42459",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42459"
},
{
"cve": "CVE-2024-42460",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42460"
},
{
"cve": "CVE-2024-42461",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42461"
},
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47764"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…