Vulnerability-Lookup

CVE-2025-11226 (GCVE-0-2025-11226)

Vulnerability from cvelistv5 – Published: 2025-10-01 07:26 – Updated: 2026-06-25 16:04

Title

Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino

Summary

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. A successful attack requires the presence of Janino library and Spring Framework to be present on the user's class path. In addition, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.

Severity

7 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:N/RE:M/U:Green

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

NCSC.ch

References

2 references

URL	Tags
https://logback.qos.ch/news.html#1.5.19
https://logback.qos.ch/news.html#1.3.16

Impacted products

1 product

Vendor	Product	Version
QOS.CH Sarl	Logback-core	Affected: 0.9.20 , ≤ 1.5.18 (maven) Unaffected: 1.5.19 Unaffected: 1.3.16

Credits

Heihu577

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11226",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T16:04:36.111603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T16:04:42.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "logback-core"
          ],
          "platforms": [
            "Java"
          ],
          "product": "Logback-core",
          "vendor": "QOS.CH Sarl",
          "versions": [
            {
              "lessThanOrEqual": "1.5.18",
              "status": "affected",
              "version": "0.9.20",
              "versionType": "maven"
            },
            {
              "status": "unaffected",
              "version": "1.5.19"
            },
            {
              "status": "unaffected",
              "version": "1.3.16"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qos.ch_sarl:logback-core:*:*:java:*:*:*:*:*",
                  "versionEndIncluding": "1.5.18",
                  "versionStartIncluding": "0.9.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:qos.ch_sarl:logback-core:1.5.19:*:java:*:*:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:qos.ch_sarl:logback-core:1.3.16:*:java:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Heihu577"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must\u0026nbsp; have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege.\n\n\n\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\n\n\n\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must\u00a0 have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known exploitation\u003cbr\u003e"
            }
          ],
          "value": "No known exploitation"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary code execution on previously compromised system"
            }
          ]
        },
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:N/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-24T08:35:28.533Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://logback.qos.ch/news.html#1.5.19"
        },
        {
          "url": "https://logback.qos.ch/news.html#1.3.16"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Remove Janino from the Java classpath or update to logack version 1.5.19 or later. \u003cbr\u003e"
            }
          ],
          "value": "Remove Janino from the Java classpath or update to logack version 1.5.19 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Remove Janino from the Java classpath or update to logack version 1.5.19 or later. \u003cbr\u003e"
            }
          ],
          "value": "Remove Janino from the Java classpath or update to logack version 1.5.19 or later."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2025-11226",
    "datePublished": "2025-10-01T07:26:12.567Z",
    "dateReserved": "2025-10-01T07:25:16.311Z",
    "dateUpdated": "2026-06-25T16:04:42.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-11226",
      "date": "2026-06-30",
      "epss": "0.00181",
      "percentile": "0.07828"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-11226\",\"sourceIdentifier\":\"vulnerability@ncsc.ch\",\"published\":\"2025-10-01T08:15:31.250\",\"lastModified\":\"2026-06-25T17:16:37.143\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\\n\\n\\n\\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must\u00a0 have write access to a \\nconfiguration file. Alternatively, the attacker could inject a malicious \\nenvironment variable pointing to a malicious configuration file. In both \\ncases, the attack requires existing privilege.\"}],\"affected\":[{\"source\":\"vulnerability@ncsc.ch\",\"affectedData\":[{\"vendor\":\"QOS.CH Sarl\",\"product\":\"Logback-core\",\"defaultStatus\":\"affected\",\"modules\":[\"logback-core\"],\"platforms\":[\"Java\"],\"versions\":[{\"version\":\"0.9.20\",\"lessThanOrEqual\":\"1.5.18\",\"versionType\":\"maven\",\"status\":\"affected\"},{\"version\":\"1.5.19\",\"status\":\"unaffected\"},{\"version\":\"1.3.16\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:M/U:Green\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"PRESENT\",\"Automatable\":\"NO\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"GREEN\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-25T16:04:36.111603Z\",\"id\":\"CVE-2025-11226\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://logback.qos.ch/news.html#1.3.16\",\"source\":\"vulnerability@ncsc.ch\"},{\"url\":\"https://logback.qos.ch/news.html#1.5.19\",\"source\":\"vulnerability@ncsc.ch\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-11226\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-25T16:04:36.111603Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T13:14:55.918Z\"}}], \"cna\": {\"title\": \"Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Heihu577\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Arbitrary code execution on previously compromised system\"}]}, {\"capecId\": \"CAPEC-242\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-242 Code Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:N/RE:M/U:Green\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"QOS.CH Sarl\", \"modules\": [\"logback-core\"], \"product\": \"Logback-core\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.9.20\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"1.5.18\"}, {\"status\": \"unaffected\", \"version\": \"1.5.19\"}, {\"status\": \"unaffected\", \"version\": \"1.3.16\"}], \"platforms\": [\"Java\"], \"defaultStatus\": \"affected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"No known exploitation\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No known exploitation\u003cbr\u003e\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Remove Janino from the Java classpath or update to logack version 1.5.19 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Remove Janino from the Java classpath or update to logack version 1.5.19 or later. \u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://logback.qos.ch/news.html#1.5.19\"}, {\"url\": \"https://logback.qos.ch/news.html#1.3.16\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Remove Janino from the Java classpath or update to logack version 1.5.19 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Remove Janino from the Java classpath or update to logack version 1.5.19 or later. \u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\\n\\n\\n\\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must\\u00a0 have write access to a \\nconfiguration file. Alternatively, the attacker could inject a malicious \\nenvironment variable pointing to a malicious configuration file. In both \\ncases, the attack requires existing privilege.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must\u0026nbsp; have write access to a \\nconfiguration file. Alternatively, the attacker could inject a malicious \\nenvironment variable pointing to a malicious configuration file. In both \\ncases, the attack requires existing privilege.\\n\\n\\n\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:qos.ch_sarl:logback-core:*:*:java:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.5.18\", \"versionStartIncluding\": \"0.9.20\"}, {\"criteria\": \"cpe:2.3:a:qos.ch_sarl:logback-core:1.5.19:*:java:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:qos.ch_sarl:logback-core:1.3.16:*:java:*:*:*:*:*\", \"vulnerable\": false}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"455daabc-a392-441d-aa46-37d35189897c\", \"shortName\": \"NCSC.ch\", \"dateUpdated\": \"2026-06-24T08:35:28.533Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-11226\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-25T16:04:42.152Z\", \"dateReserved\": \"2025-10-01T07:25:16.311Z\", \"assignerOrgId\": \"455daabc-a392-441d-aa46-37d35189897c\", \"datePublished\": \"2025-10-01T07:26:12.567Z\", \"assignerShortName\": \"NCSC.ch\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

OPENSUSE-SU-2025:15597-1

Vulnerability from csaf_opensuse - Published: 2025-10-03 00:00 - Updated: 2025-10-03 00:00

Summary

logback-1.2.13-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: logback-1.2.13-1.1 on GA media

Description of the patch: These are all security issues fixed in the logback-1.2.13-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2025-15597

CVE-2023-6378

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-6481

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-11226

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

9 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-6378/	self
https://www.suse.com/security/cve/CVE-2023-6481/	self
https://www.suse.com/security/cve/CVE-2025-11226/	self
https://www.suse.com/security/cve/CVE-2023-6378	external
https://www.suse.com/security/cve/CVE-2023-6481	external
https://www.suse.com/security/cve/CVE-2025-11226	external
https://bugzilla.suse.com/1250715	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "logback-1.2.13-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the logback-1.2.13-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15597",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15597-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-6378 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-6378/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-6481 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-6481/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11226 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11226/"
      }
    ],
    "title": "logback-1.2.13-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-10-03T00:00:00Z",
      "generator": {
        "date": "2025-10-03T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15597-1",
      "initial_release_date": "2025-10-03T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-10-03T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "logback-1.2.13-1.1.aarch64",
                "product": {
                  "name": "logback-1.2.13-1.1.aarch64",
                  "product_id": "logback-1.2.13-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "logback-access-1.2.13-1.1.aarch64",
                "product": {
                  "name": "logback-access-1.2.13-1.1.aarch64",
                  "product_id": "logback-access-1.2.13-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "logback-examples-1.2.13-1.1.aarch64",
                "product": {
                  "name": "logback-examples-1.2.13-1.1.aarch64",
                  "product_id": "logback-examples-1.2.13-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "logback-javadoc-1.2.13-1.1.aarch64",
                "product": {
                  "name": "logback-javadoc-1.2.13-1.1.aarch64",
                  "product_id": "logback-javadoc-1.2.13-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "logback-1.2.13-1.1.ppc64le",
                "product": {
                  "name": "logback-1.2.13-1.1.ppc64le",
                  "product_id": "logback-1.2.13-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "logback-access-1.2.13-1.1.ppc64le",
                "product": {
                  "name": "logback-access-1.2.13-1.1.ppc64le",
                  "product_id": "logback-access-1.2.13-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "logback-examples-1.2.13-1.1.ppc64le",
                "product": {
                  "name": "logback-examples-1.2.13-1.1.ppc64le",
                  "product_id": "logback-examples-1.2.13-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "logback-javadoc-1.2.13-1.1.ppc64le",
                "product": {
                  "name": "logback-javadoc-1.2.13-1.1.ppc64le",
                  "product_id": "logback-javadoc-1.2.13-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "logback-1.2.13-1.1.s390x",
                "product": {
                  "name": "logback-1.2.13-1.1.s390x",
                  "product_id": "logback-1.2.13-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "logback-access-1.2.13-1.1.s390x",
                "product": {
                  "name": "logback-access-1.2.13-1.1.s390x",
                  "product_id": "logback-access-1.2.13-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "logback-examples-1.2.13-1.1.s390x",
                "product": {
                  "name": "logback-examples-1.2.13-1.1.s390x",
                  "product_id": "logback-examples-1.2.13-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "logback-javadoc-1.2.13-1.1.s390x",
                "product": {
                  "name": "logback-javadoc-1.2.13-1.1.s390x",
                  "product_id": "logback-javadoc-1.2.13-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "logback-1.2.13-1.1.x86_64",
                "product": {
                  "name": "logback-1.2.13-1.1.x86_64",
                  "product_id": "logback-1.2.13-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "logback-access-1.2.13-1.1.x86_64",
                "product": {
                  "name": "logback-access-1.2.13-1.1.x86_64",
                  "product_id": "logback-access-1.2.13-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "logback-examples-1.2.13-1.1.x86_64",
                "product": {
                  "name": "logback-examples-1.2.13-1.1.x86_64",
                  "product_id": "logback-examples-1.2.13-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "logback-javadoc-1.2.13-1.1.x86_64",
                "product": {
                  "name": "logback-javadoc-1.2.13-1.1.x86_64",
                  "product_id": "logback-javadoc-1.2.13-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-1.2.13-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64"
        },
        "product_reference": "logback-1.2.13-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-1.2.13-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le"
        },
        "product_reference": "logback-1.2.13-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-1.2.13-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x"
        },
        "product_reference": "logback-1.2.13-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-1.2.13-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64"
        },
        "product_reference": "logback-1.2.13-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-access-1.2.13-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64"
        },
        "product_reference": "logback-access-1.2.13-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-access-1.2.13-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le"
        },
        "product_reference": "logback-access-1.2.13-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-access-1.2.13-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x"
        },
        "product_reference": "logback-access-1.2.13-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-access-1.2.13-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64"
        },
        "product_reference": "logback-access-1.2.13-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-examples-1.2.13-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64"
        },
        "product_reference": "logback-examples-1.2.13-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-examples-1.2.13-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le"
        },
        "product_reference": "logback-examples-1.2.13-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-examples-1.2.13-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x"
        },
        "product_reference": "logback-examples-1.2.13-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-examples-1.2.13-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64"
        },
        "product_reference": "logback-examples-1.2.13-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-javadoc-1.2.13-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64"
        },
        "product_reference": "logback-javadoc-1.2.13-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-javadoc-1.2.13-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le"
        },
        "product_reference": "logback-javadoc-1.2.13-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-javadoc-1.2.13-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x"
        },
        "product_reference": "logback-javadoc-1.2.13-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-javadoc-1.2.13-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
        },
        "product_reference": "logback-javadoc-1.2.13-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-6378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-6378",
          "url": "https://www.suse.com/security/cve/CVE-2023-6378"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-6378"
    },
    {
      "cve": "CVE-2023-6481",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-6481"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.13,  1.3.13 and  1.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-6481",
          "url": "https://www.suse.com/security/cve/CVE-2023-6481"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-6481"
    },
    {
      "cve": "CVE-2025-11226",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11226"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\n\n\n\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must   have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
          "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11226",
          "url": "https://www.suse.com/security/cve/CVE-2025-11226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250715 for CVE-2025-11226",
          "url": "https://bugzilla.suse.com/1250715"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:logback-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-access-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-examples-1.2.13-1.1.x86_64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.aarch64",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.ppc64le",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.s390x",
            "openSUSE Tumbleweed:logback-javadoc-1.2.13-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-11226"
    }
  ]
}

SUSE-SU-2025:03456-1

Vulnerability from csaf_suse - Published: 2025-10-07 07:08 - Updated: 2025-10-07 07:08

Summary

Security update for logback

Severity

Moderate

Notes

Title of the patch: Security update for logback

Description of the patch: This update for logback fixes the following issues: - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing (bsc#1250715)

Patchnames: SUSE-2025-3456,openSUSE-SLE-15.6-2025-3456

CVE-2025-11226

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.6:logback-1.2.13-150200.3.13.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:logback-access-1.2.13-150200.3.13.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:logback-examples-1.2.13-150200.3.13.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.6:logback-javadoc-1.2.13-150200.3.13.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2025…	self
https://bugzilla.suse.com/1250715	self
https://www.suse.com/security/cve/CVE-2025-11226/	self
https://www.suse.com/security/cve/CVE-2025-11226	external
https://bugzilla.suse.com/1250715	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for logback",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for logback fixes the following issues:\n\n  - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing (bsc#1250715)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3456,openSUSE-SLE-15.6-2025-3456",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03456-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:03456-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503456-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:03456-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042009.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250715",
        "url": "https://bugzilla.suse.com/1250715"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11226 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11226/"
      }
    ],
    "title": "Security update for logback",
    "tracking": {
      "current_release_date": "2025-10-07T07:08:23Z",
      "generator": {
        "date": "2025-10-07T07:08:23Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:03456-1",
      "initial_release_date": "2025-10-07T07:08:23Z",
      "revision_history": [
        {
          "date": "2025-10-07T07:08:23Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "logback-1.2.13-150200.3.13.1.noarch",
                "product": {
                  "name": "logback-1.2.13-150200.3.13.1.noarch",
                  "product_id": "logback-1.2.13-150200.3.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "logback-access-1.2.13-150200.3.13.1.noarch",
                "product": {
                  "name": "logback-access-1.2.13-150200.3.13.1.noarch",
                  "product_id": "logback-access-1.2.13-150200.3.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "logback-examples-1.2.13-150200.3.13.1.noarch",
                "product": {
                  "name": "logback-examples-1.2.13-150200.3.13.1.noarch",
                  "product_id": "logback-examples-1.2.13-150200.3.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "logback-javadoc-1.2.13-150200.3.13.1.noarch",
                "product": {
                  "name": "logback-javadoc-1.2.13-150200.3.13.1.noarch",
                  "product_id": "logback-javadoc-1.2.13-150200.3.13.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-1.2.13-150200.3.13.1.noarch as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:logback-1.2.13-150200.3.13.1.noarch"
        },
        "product_reference": "logback-1.2.13-150200.3.13.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-access-1.2.13-150200.3.13.1.noarch as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:logback-access-1.2.13-150200.3.13.1.noarch"
        },
        "product_reference": "logback-access-1.2.13-150200.3.13.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-examples-1.2.13-150200.3.13.1.noarch as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:logback-examples-1.2.13-150200.3.13.1.noarch"
        },
        "product_reference": "logback-examples-1.2.13-150200.3.13.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "logback-javadoc-1.2.13-150200.3.13.1.noarch as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:logback-javadoc-1.2.13-150200.3.13.1.noarch"
        },
        "product_reference": "logback-javadoc-1.2.13-150200.3.13.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-11226",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11226"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\n\n\n\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user\u0027s class path. In addition, the attacker must   have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.6:logback-1.2.13-150200.3.13.1.noarch",
          "openSUSE Leap 15.6:logback-access-1.2.13-150200.3.13.1.noarch",
          "openSUSE Leap 15.6:logback-examples-1.2.13-150200.3.13.1.noarch",
          "openSUSE Leap 15.6:logback-javadoc-1.2.13-150200.3.13.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11226",
          "url": "https://www.suse.com/security/cve/CVE-2025-11226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250715 for CVE-2025-11226",
          "url": "https://bugzilla.suse.com/1250715"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.6:logback-1.2.13-150200.3.13.1.noarch",
            "openSUSE Leap 15.6:logback-access-1.2.13-150200.3.13.1.noarch",
            "openSUSE Leap 15.6:logback-examples-1.2.13-150200.3.13.1.noarch",
            "openSUSE Leap 15.6:logback-javadoc-1.2.13-150200.3.13.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.6:logback-1.2.13-150200.3.13.1.noarch",
            "openSUSE Leap 15.6:logback-access-1.2.13-150200.3.13.1.noarch",
            "openSUSE Leap 15.6:logback-examples-1.2.13-150200.3.13.1.noarch",
            "openSUSE Leap 15.6:logback-javadoc-1.2.13-150200.3.13.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-07T07:08:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-11226"
    }
  ]
}

WID-SEC-W-2025-2181

Vulnerability from csaf_certbund - Published: 2025-10-01 22:00 - Updated: 2026-03-09 23:00

Summary

Logback: Schwachstelle ermöglicht Codeausführung

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Logback ist der Nachfolger des populären log4j-Projekts und stellt eine Java Logging API zur Verfügung.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in Logback ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX

CVE-2025-11226

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Logback <1.5.19 Open Source / Logback		<1.5.19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Rational ClearCase IBM	`cpe:/a:ibm:rational_clearcase:-`	—
RealObjects PDFreactor <12.4 RealObjects / PDFreactor		<12.4

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://logback.qos.ch/news.html#1.5.19	external
https://nvd.nist.gov/vuln/detail/CVE-2025-11226	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://www.pdfreactor.com/pdfreactor-12-4/	external
https://www.ibm.com/support/pages/node/7262525	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Logback ist der Nachfolger des popul\u00e4ren log4j-Projekts und stellt eine Java Logging API zur Verf\u00fcgung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Logback ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2181 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2181.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2181 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2181"
      },
      {
        "category": "external",
        "summary": "Logback Release Notes vom 2025-10-01",
        "url": "https://logback.qos.ch/news.html#1.5.19"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2025-10-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11226"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15597-1 vom 2025-10-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z2FFWIWMXXKI6AAOHCZAWCBHQKATJXIR/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03456-1 vom 2025-10-07",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7QMV5WC67H3ZUWQKHPZVHUEER56EHH42/"
      },
      {
        "category": "external",
        "summary": "PDFreactor ReleaseNotes vom 2025-12-04",
        "url": "https://www.pdfreactor.com/pdfreactor-12-4/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7262525 vom 2026-03-10",
        "url": "https://www.ibm.com/support/pages/node/7262525"
      }
    ],
    "source_lang": "en-US",
    "title": "Logback: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2026-03-09T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-10T09:32:08.908+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2181",
      "initial_release_date": "2025-10-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-05T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-10-06T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-12-03T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-03-09T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Rational ClearCase",
            "product": {
              "name": "IBM Rational ClearCase",
              "product_id": "T004180",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearcase:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.5.19",
                "product": {
                  "name": "Open Source Logback \u003c1.5.19",
                  "product_id": "T047350"
                }
              },
              {
                "category": "product_version",
                "name": "1.5.19",
                "product": {
                  "name": "Open Source Logback 1.5.19",
                  "product_id": "T047350-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:logback:logback:1.5.19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Logback"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4",
                "product": {
                  "name": "RealObjects PDFreactor \u003c12.4",
                  "product_id": "T049106"
                }
              },
              {
                "category": "product_version",
                "name": "12.4",
                "product": {
                  "name": "RealObjects PDFreactor 12.4",
                  "product_id": "T049106-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:realobjects:pdfreactor:12.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PDFreactor"
          }
        ],
        "category": "vendor",
        "name": "RealObjects"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-11226",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047350",
          "T027843",
          "T004180",
          "T049106"
        ]
      },
      "release_date": "2025-10-01T22:00:00.000+00:00",
      "title": "CVE-2025-11226"
    }
  ]
}

WID-SEC-W-2026-0351

Vulnerability from csaf_certbund - Published: 2026-02-09 23:00 - Updated: 2026-02-09 23:00

Summary

Dell NetWorker (Third Party Components): Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Dell NetWorker stellt zentralisiert Backup- und Recovery-Dienste bereit.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell NetWorker ausnutzen, um Angriffe zu starten, die die Integrität, Vertraulichkeit und Verfügbarkeit von Systemen beeinträchtigen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2012-5783

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2014-3577

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2015-5262

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2020-13956

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2023-35116

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2024-29736

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2024-32007

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2024-41172

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-11226

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-22228

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-22233

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-22235

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-23184

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-27820

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-31650

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-31651

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-41234

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-41242

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-41248

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-41254

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-46392

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-48913

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-48924

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-48989

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-53864

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-7962

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-8713

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-8714

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-8715

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

CVE-2025-8885

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Dell NetWorker AUTHC <19.14 Dell / NetWorker		AUTHC <19.14
Dell NetWorker vCenter User Interface <19.14 Dell / NetWorker		vCenter User Interface <19.14
Dell NetWorker Management Web UI <19.14 Dell / NetWorker		Management Web UI <19.14
Dell NetWorker Management Console <19.14 Dell / NetWorker		Management Console <19.14
Dell NetWorker File-Level Recovery <19.14 Dell / NetWorker		File-Level Recovery <19.14
Dell NetWorker REST API <19.14 Dell / NetWorker		REST API <19.14

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.dell.com/support/kbdoc/de-de/00042542…	external
https://www.dell.com/support/kbdoc/de-de/00042575…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell NetWorker stellt zentralisiert Backup- und Recovery-Dienste bereit.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell NetWorker ausnutzen, um Angriffe zu starten, die die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit von Systemen beeintr\u00e4chtigen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0351 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0351.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0351 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0351"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-023 vom 2026-02-09",
        "url": "https://www.dell.com/support/kbdoc/de-de/000425429/dsa-2026-023-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-024 vom 2026-02-09",
        "url": "https://www.dell.com/support/kbdoc/de-de/000425759/dsa-2026-024-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell NetWorker (Third Party Components): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-09T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-10T10:02:33.638+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0351",
      "initial_release_date": "2026-02-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "AUTHC \u003c19.14",
                "product": {
                  "name": "Dell NetWorker AUTHC \u003c19.14",
                  "product_id": "T050629"
                }
              },
              {
                "category": "product_version",
                "name": "AUTHC 19.14",
                "product": {
                  "name": "Dell NetWorker AUTHC 19.14",
                  "product_id": "T050629-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:authc__19.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Management Console \u003c19.14",
                "product": {
                  "name": "Dell NetWorker Management Console \u003c19.14",
                  "product_id": "T050630"
                }
              },
              {
                "category": "product_version",
                "name": "Management Console 19.14",
                "product": {
                  "name": "Dell NetWorker Management Console 19.14",
                  "product_id": "T050630-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:management_console__19.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Management Web UI \u003c19.14",
                "product": {
                  "name": "Dell NetWorker Management Web UI \u003c19.14",
                  "product_id": "T050631"
                }
              },
              {
                "category": "product_version",
                "name": "Management Web UI 19.14",
                "product": {
                  "name": "Dell NetWorker Management Web UI 19.14",
                  "product_id": "T050631-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:management_web_ui__19.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "REST API \u003c19.14",
                "product": {
                  "name": "Dell NetWorker REST API \u003c19.14",
                  "product_id": "T050632"
                }
              },
              {
                "category": "product_version",
                "name": "REST API 19.14",
                "product": {
                  "name": "Dell NetWorker REST API 19.14",
                  "product_id": "T050632-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:rest_api__19.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "File-Level Recovery \u003c19.14",
                "product": {
                  "name": "Dell NetWorker File-Level Recovery \u003c19.14",
                  "product_id": "T050633"
                }
              },
              {
                "category": "product_version",
                "name": "File-Level Recovery 19.14",
                "product": {
                  "name": "Dell NetWorker File-Level Recovery 19.14",
                  "product_id": "T050633-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:file-level_recovery__19.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vCenter User Interface \u003c19.14",
                "product": {
                  "name": "Dell NetWorker vCenter User Interface \u003c19.14",
                  "product_id": "T050634"
                }
              },
              {
                "category": "product_version",
                "name": "vCenter User Interface 19.14",
                "product": {
                  "name": "Dell NetWorker vCenter User Interface 19.14",
                  "product_id": "T050634-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:vcenter_user_interface__19.14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-5783",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2012-5783"
    },
    {
      "cve": "CVE-2014-3577",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2014-3577"
    },
    {
      "cve": "CVE-2015-5262",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2015-5262"
    },
    {
      "cve": "CVE-2020-13956",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2023-35116",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2024-29736",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2024-29736"
    },
    {
      "cve": "CVE-2024-32007",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2024-32007"
    },
    {
      "cve": "CVE-2024-41172",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2024-41172"
    },
    {
      "cve": "CVE-2025-11226",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-11226"
    },
    {
      "cve": "CVE-2025-22228",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-22228"
    },
    {
      "cve": "CVE-2025-22233",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-22233"
    },
    {
      "cve": "CVE-2025-22235",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-22235"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-27820",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-27820"
    },
    {
      "cve": "CVE-2025-31650",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-31650"
    },
    {
      "cve": "CVE-2025-31651",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-31651"
    },
    {
      "cve": "CVE-2025-41234",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-41234"
    },
    {
      "cve": "CVE-2025-41242",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-41242"
    },
    {
      "cve": "CVE-2025-41248",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-41248"
    },
    {
      "cve": "CVE-2025-41254",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-41254"
    },
    {
      "cve": "CVE-2025-46392",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-46392"
    },
    {
      "cve": "CVE-2025-48913",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-48913"
    },
    {
      "cve": "CVE-2025-48924",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48989",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-53864",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-53864"
    },
    {
      "cve": "CVE-2025-7962",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-7962"
    },
    {
      "cve": "CVE-2025-8713",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-8713"
    },
    {
      "cve": "CVE-2025-8714",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-8714"
    },
    {
      "cve": "CVE-2025-8715",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-8715"
    },
    {
      "cve": "CVE-2025-8885",
      "product_status": {
        "known_affected": [
          "T050629",
          "T050634",
          "T050631",
          "T050630",
          "T050633",
          "T050632"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-8885"
    }
  ]
}

WID-SEC-W-2026-0778

Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-05-11 22:00

Summary

Dell Secure Connect Gateway Policy Manager: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Dell Secure Connect Gateway ist eine Softwarelösung, die als sicherer, zentralisierter Punkt für die Verwaltung des Fernzugriffs und des Supports für Hardware und Software von Dell Technologies dient.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway Policy Manager ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - Windows

CVE-2014-8991

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2015-2296

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2019-6778

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-10756

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-13645

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-1983

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-24455

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-25219

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-26154

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2020-29130

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2021-3592

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2021-3593

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2021-3594

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2021-3595

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2022-40897

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2023-22745

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2023-5752

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2024-25621

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2024-29040

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2024-6345

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-10911

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-11226

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-11468

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-11563

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-11731

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-12084

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-12781

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-1352

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-13601

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-1372

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-1376

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-1377

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-13836

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-13837

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-14087

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-14512

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-15281

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-15282

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-15366

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-15367

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-15467

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-24294

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-28162

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-28164

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-31133

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-3576

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-47273

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-52565

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-52881

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-53057

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-53666

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-54770

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-54771

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-54798

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-55752

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-59375

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-6075

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61661

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61662

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61663

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61664

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61748

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61795

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61984

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-61985

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-64329

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-64505

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-64506

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-64720

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-64756

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-65018

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-66035

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-66293

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-66412

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-66614

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-67721

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-68160

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-68973

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-69418

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-69419

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-69420

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-69421

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-69873

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-7039

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-8291

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-9187

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2025-9820

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-0672

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-0861

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-0865

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-0915

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-0988

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-1484

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-1485

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-1489

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-22610

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-22695

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-22795

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-22796

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-22801

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-24734

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-24882

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

CVE-2026-25646

Affected products

Known affected 3 products

Product	Identifier	Version
Dell ECS 3.8.1.0-3.8.1.7 Dell / ECS	`cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7`	3.8.1.0-3.8.1.7
Dell Secure Connect Gateway Policy Manager <5.34.00.14 Dell / Secure Connect Gateway		Policy Manager <5.34.00.14
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.dell.com/support/kbdoc/de-de/00044113…	external
https://www.dell.com/support/kbdoc/de-de/00044324…	external
https://www.dell.com/support/kbdoc/en-us/00046211…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell Secure Connect Gateway ist eine Softwarel\u00f6sung, die als sicherer, zentralisierter Punkt f\u00fcr die Verwaltung des Fernzugriffs und des Supports f\u00fcr Hardware und Software von Dell Technologies dient.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway Policy Manager ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0778 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0778.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0778 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0778"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-120 vom 2026-03-18",
        "url": "https://www.dell.com/support/kbdoc/de-de/000441138/dsa-2026-120-security-update-for-dell-secure-connect-gateway-policy-manager-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
        "url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory",
        "url": "https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell Secure Connect Gateway Policy Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-11T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-12T08:12:31.865+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0778",
      "initial_release_date": "2026-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-05-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.8.1.0-3.8.1.7",
                "product": {
                  "name": "Dell ECS 3.8.1.0-3.8.1.7",
                  "product_id": "T053778",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ECS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Policy Manager \u003c5.34.00.14",
                "product": {
                  "name": "Dell Secure Connect Gateway Policy Manager \u003c5.34.00.14",
                  "product_id": "T051894"
                }
              },
              {
                "category": "product_version",
                "name": "Policy Manager 5.34.00.14",
                "product": {
                  "name": "Dell Secure Connect Gateway Policy Manager 5.34.00.14",
                  "product_id": "T051894-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:secure_connect_gateway:policy_manager__5.34.00.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway \u003c5.34.00.16",
                  "product_id": "T052048"
                }
              },
              {
                "category": "product_version",
                "name": "5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway 5.34.00.16",
                  "product_id": "T052048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Connect Gateway"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-8991",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2014-8991"
    },
    {
      "cve": "CVE-2015-2296",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2015-2296"
    },
    {
      "cve": "CVE-2019-6778",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-6778"
    },
    {
      "cve": "CVE-2020-10756",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-10756"
    },
    {
      "cve": "CVE-2020-13645",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-13645"
    },
    {
      "cve": "CVE-2020-1983",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-1983"
    },
    {
      "cve": "CVE-2020-24455",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-24455"
    },
    {
      "cve": "CVE-2020-25219",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-25219"
    },
    {
      "cve": "CVE-2020-26154",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-26154"
    },
    {
      "cve": "CVE-2020-29130",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2020-29130"
    },
    {
      "cve": "CVE-2021-3592",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2021-3592"
    },
    {
      "cve": "CVE-2021-3593",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2021-3593"
    },
    {
      "cve": "CVE-2021-3594",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2021-3594"
    },
    {
      "cve": "CVE-2021-3595",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2021-3595"
    },
    {
      "cve": "CVE-2022-40897",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2022-40897"
    },
    {
      "cve": "CVE-2023-22745",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2023-22745"
    },
    {
      "cve": "CVE-2023-5752",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2023-5752"
    },
    {
      "cve": "CVE-2024-25621",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2024-25621"
    },
    {
      "cve": "CVE-2024-29040",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2024-29040"
    },
    {
      "cve": "CVE-2024-6345",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2024-6345"
    },
    {
      "cve": "CVE-2025-10911",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-10911"
    },
    {
      "cve": "CVE-2025-11226",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-11226"
    },
    {
      "cve": "CVE-2025-11468",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-11468"
    },
    {
      "cve": "CVE-2025-11563",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-11563"
    },
    {
      "cve": "CVE-2025-11731",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-11731"
    },
    {
      "cve": "CVE-2025-12084",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-12084"
    },
    {
      "cve": "CVE-2025-12781",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-12781"
    },
    {
      "cve": "CVE-2025-1352",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-1352"
    },
    {
      "cve": "CVE-2025-13601",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-13601"
    },
    {
      "cve": "CVE-2025-1372",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-1372"
    },
    {
      "cve": "CVE-2025-1376",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-1376"
    },
    {
      "cve": "CVE-2025-1377",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-1377"
    },
    {
      "cve": "CVE-2025-13836",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-13836"
    },
    {
      "cve": "CVE-2025-13837",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-13837"
    },
    {
      "cve": "CVE-2025-14087",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-14087"
    },
    {
      "cve": "CVE-2025-14512",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-14512"
    },
    {
      "cve": "CVE-2025-15281",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15281"
    },
    {
      "cve": "CVE-2025-15282",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15282"
    },
    {
      "cve": "CVE-2025-15366",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15366"
    },
    {
      "cve": "CVE-2025-15367",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15367"
    },
    {
      "cve": "CVE-2025-15467",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15467"
    },
    {
      "cve": "CVE-2025-24294",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-24294"
    },
    {
      "cve": "CVE-2025-28162",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-28162"
    },
    {
      "cve": "CVE-2025-28164",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-28164"
    },
    {
      "cve": "CVE-2025-31133",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-31133"
    },
    {
      "cve": "CVE-2025-3576",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-3576"
    },
    {
      "cve": "CVE-2025-47273",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-47273"
    },
    {
      "cve": "CVE-2025-52565",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-52565"
    },
    {
      "cve": "CVE-2025-52881",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-52881"
    },
    {
      "cve": "CVE-2025-53057",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-53057"
    },
    {
      "cve": "CVE-2025-53666",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-53666"
    },
    {
      "cve": "CVE-2025-54770",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-54770"
    },
    {
      "cve": "CVE-2025-54771",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-54771"
    },
    {
      "cve": "CVE-2025-54798",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-54798"
    },
    {
      "cve": "CVE-2025-55752",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-55752"
    },
    {
      "cve": "CVE-2025-59375",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-6075",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-6075"
    },
    {
      "cve": "CVE-2025-61661",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61661"
    },
    {
      "cve": "CVE-2025-61662",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61662"
    },
    {
      "cve": "CVE-2025-61663",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61663"
    },
    {
      "cve": "CVE-2025-61664",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61664"
    },
    {
      "cve": "CVE-2025-61748",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61748"
    },
    {
      "cve": "CVE-2025-61795",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61795"
    },
    {
      "cve": "CVE-2025-61984",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61984"
    },
    {
      "cve": "CVE-2025-61985",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-61985"
    },
    {
      "cve": "CVE-2025-64329",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-64329"
    },
    {
      "cve": "CVE-2025-64505",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-64505"
    },
    {
      "cve": "CVE-2025-64506",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-64506"
    },
    {
      "cve": "CVE-2025-64720",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-64720"
    },
    {
      "cve": "CVE-2025-64756",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-64756"
    },
    {
      "cve": "CVE-2025-65018",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-65018"
    },
    {
      "cve": "CVE-2025-66035",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66035"
    },
    {
      "cve": "CVE-2025-66293",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66293"
    },
    {
      "cve": "CVE-2025-66412",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66412"
    },
    {
      "cve": "CVE-2025-66614",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2025-67721",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-67721"
    },
    {
      "cve": "CVE-2025-68160",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-68160"
    },
    {
      "cve": "CVE-2025-68973",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-68973"
    },
    {
      "cve": "CVE-2025-69418",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-69418"
    },
    {
      "cve": "CVE-2025-69419",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-69419"
    },
    {
      "cve": "CVE-2025-69420",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-69420"
    },
    {
      "cve": "CVE-2025-69421",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-69421"
    },
    {
      "cve": "CVE-2025-69873",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-69873"
    },
    {
      "cve": "CVE-2025-7039",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-7039"
    },
    {
      "cve": "CVE-2025-8291",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-8291"
    },
    {
      "cve": "CVE-2025-9187",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-9187"
    },
    {
      "cve": "CVE-2025-9820",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-9820"
    },
    {
      "cve": "CVE-2026-0672",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-0672"
    },
    {
      "cve": "CVE-2026-0861",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-0861"
    },
    {
      "cve": "CVE-2026-0865",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-0865"
    },
    {
      "cve": "CVE-2026-0915",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-0915"
    },
    {
      "cve": "CVE-2026-0988",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-0988"
    },
    {
      "cve": "CVE-2026-1484",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-1484"
    },
    {
      "cve": "CVE-2026-1485",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-1485"
    },
    {
      "cve": "CVE-2026-1489",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-1489"
    },
    {
      "cve": "CVE-2026-22610",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-22610"
    },
    {
      "cve": "CVE-2026-22695",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-22695"
    },
    {
      "cve": "CVE-2026-22795",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-22795"
    },
    {
      "cve": "CVE-2026-22796",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-22796"
    },
    {
      "cve": "CVE-2026-22801",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-22801"
    },
    {
      "cve": "CVE-2026-24734",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-24734"
    },
    {
      "cve": "CVE-2026-24882",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-24882"
    },
    {
      "cve": "CVE-2026-25646",
      "product_status": {
        "known_affected": [
          "T053778",
          "T051894",
          "T052048"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-25646"
    }
  ]
}

WID-SEC-W-2026-1032

Vulnerability from csaf_certbund - Published: 2026-04-08 22:00 - Updated: 2026-06-07 22:00

Summary

IBM Tivoli Network Manager: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2023-48795

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-11226

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-40918

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-48924

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-53864

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-55163

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-64775

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-66675

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2025-68161

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-1225

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-21925

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-21932

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-21933

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-21945

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-24281

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-24308

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-27171

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

CVE-2026-3381

Affected products

Known affected 4 products

Product	Identifier	Version
IBM Tivoli Network Manager IP Edition <4.2.0.24 IBM / Tivoli Network Manager		IP Edition <4.2.0.24
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale <6.0.1.0 IBM / Storage Scale		<6.0.1.0
IBM Storage Scale <5.2.3.8 IBM / Storage Scale		<5.2.3.8

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7268900	external
https://access.redhat.com/errata/RHSA-2026:8509	external
https://access.redhat.com/errata/RHSA-2026:14276	external
https://access.redhat.com/errata/RHSA-2026:14272	external
https://www.ibm.com/support/pages/node/7275270	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1032 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1032.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1032 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1032"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7268900 vom 2026-04-08",
        "url": "https://www.ibm.com/support/pages/node/7268900"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8509 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8509"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14276 vom 2026-05-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:14276"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14272 vom 2026-05-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:14272"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7275270 vom 2026-06-05",
        "url": "https://www.ibm.com/support/pages/node/7275270"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-07T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-08T09:28:17.276+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1032",
      "initial_release_date": "2026-04-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.2.3.8",
                "product": {
                  "name": "IBM Storage Scale \u003c5.2.3.8",
                  "product_id": "T055027"
                }
              },
              {
                "category": "product_version",
                "name": "5.2.3.8",
                "product": {
                  "name": "IBM Storage Scale 5.2.3.8",
                  "product_id": "T055027-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.1.0",
                "product": {
                  "name": "IBM Storage Scale \u003c6.0.1.0",
                  "product_id": "T055028"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.1.0",
                "product": {
                  "name": "IBM Storage Scale 6.0.1.0",
                  "product_id": "T055028-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:6.0.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "IP Edition \u003c4.2.0.24",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c4.2.0.24",
                  "product_id": "T052592"
                }
              },
              {
                "category": "product_version",
                "name": "IP Edition 4.2.0.24",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition 4.2.0.24",
                  "product_id": "T052592-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2.0.24"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Network Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2025-11226",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-11226"
    },
    {
      "cve": "CVE-2025-40918",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-40918"
    },
    {
      "cve": "CVE-2025-48924",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-53864",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-53864"
    },
    {
      "cve": "CVE-2025-55163",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-64775",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-64775"
    },
    {
      "cve": "CVE-2025-66675",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-66675"
    },
    {
      "cve": "CVE-2025-68161",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-68161"
    },
    {
      "cve": "CVE-2026-1225",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-1225"
    },
    {
      "cve": "CVE-2026-21925",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21925"
    },
    {
      "cve": "CVE-2026-21932",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21932"
    },
    {
      "cve": "CVE-2026-21933",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21933"
    },
    {
      "cve": "CVE-2026-21945",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21945"
    },
    {
      "cve": "CVE-2026-24281",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-24281"
    },
    {
      "cve": "CVE-2026-24308",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-24308"
    },
    {
      "cve": "CVE-2026-27171",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-27171"
    },
    {
      "cve": "CVE-2026-3381",
      "product_status": {
        "known_affected": [
          "T052592",
          "67646",
          "T055028",
          "T055027"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-3381"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-11226 (GCVE-0-2025-11226)

OPENSUSE-SU-2025:15597-1

SUSE-SU-2025:03456-1

WID-SEC-W-2025-2181

WID-SEC-W-2026-0351

WID-SEC-W-2026-0778

WID-SEC-W-2026-1032

Tags

Sightings

Nomenclature