Vulnerability-Lookup

CVE-2025-52434 (GCVE-0-2025-52434)

Vulnerability from cvelistv5 – Published: 2025-07-10 19:03 – Updated: 2025-11-04 21:11

Title

Apache Tomcat: APR/Native Connector crash leading to DoS

Summary

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread/gxgh65004f25y8519…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2025…
http://www.openwall.com/lists/oss-security/2025/0…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 9.0.0.M1 , ≤ 9.0.106 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 5 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)

Credits

Nacl 12SqweR WHOAMI yyzmoon

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-52434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T14:02:46.073154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T14:04:04.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:11:38.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.0.106",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nacl"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "12SqweR"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "WHOAMI"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "yyzmoon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eConcurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 9.0.107, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T11:42:53.016Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: APR/Native Connector crash leading to DoS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-52434",
    "datePublished": "2025-07-10T19:03:47.225Z",
    "dateReserved": "2025-06-16T07:00:46.986Z",
    "dateUpdated": "2025-11-04T21:11:38.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-52434",
      "date": "2026-06-04",
      "epss": "0.01205",
      "percentile": "0.79282"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52434\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-07-10T19:15:25.220\",\"lastModified\":\"2025-11-04T22:16:20.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\\n\\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \\nmay also be affected.\\n\\n\\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n concurrente mediante recursos compartidos con sincronizaci\u00f3n incorrecta (\u00abCondici\u00f3n de ejecuci\u00f3n\u00bb) en Apache Tomcat al usar el conector APR/Nativo. Esto era especialmente evidente con el cierre de conexiones HTTP/2 iniciado por el cliente. Este problema afecta a Apache Tomcat desde la versi\u00f3n 9.0.0.M1 hasta la 9.0.106. Se recomienda actualizar a la versi\u00f3n 9.0.107, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.107\",\"matchCriteriaId\":\"E068C4BE-B0A9-4C86-A03C-33089784EC21\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/10/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/10/11\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:11:38.474Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52434\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-11T14:02:46.073154Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T14:03:36.267Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: APR/Native Connector crash leading to DoS\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nacl\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"12SqweR\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"WHOAMI\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"yyzmoon\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.106\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"unknown\", \"version\": \"5\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\\n\\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \\nmay also be affected.\\n\\n\\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eConcurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \\nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 9.0.107, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:42:53.016Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52434\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:11:38.474Z\", \"dateReserved\": \"2025-06-16T07:00:46.986Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-07-10T19:03:47.225Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-1905

Vulnerability from csaf_certbund - Published: 2025-08-25 22:00 - Updated: 2026-03-04 23:00

Summary

IBM QRadar SIEM Komponente: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM Komponenten ausnutzen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuführen, um beliebigen Programmcode auszuführen, um Sicherheitsvorkehrungen zu umgehen, und um Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2019-17543

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2019-5427

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2020-5260

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-49058

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-49111

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-49136

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-49788

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-49846

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-49977

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-50020

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-23337

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-28956

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-34397

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-43420

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-45332

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-50154

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-50349

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-52006

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-52533

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-53920

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-54661

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-57980

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-58002

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2024-6531

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-20012

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-20623

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-21905

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-21919

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-21928

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-21991

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-22004

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-22020

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-23150

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-24495

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-27613

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-27614

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-32415

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-37738

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-37890

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-38052

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-38079

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-38086

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-4373

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-46835

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-47273

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-48060

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-48384

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-48385

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-49794

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-49796

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-52434

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-52520

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-53506

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-55668

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-6021

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-6965

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-7425

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM QRadar SIEM <7.5.0 UP13 IF01 IBM / QRadar SIEM		<7.5.0 UP13 IF01
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7243011	external
https://access.redhat.com/errata/RHSA-2025:14746	external
https://access.redhat.com/errata/RHSA-2025:14748	external
https://linux.oracle.com/errata/ELSA-2025-17161.html	external
https://linux.oracle.com/errata/ELSA-2025-22910.html	external
https://linux.oracle.com/errata/ELSA-2026-1581.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM Komponenten ausnutzen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuf\u00fchren, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, und um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1905 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1905.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1905 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1905"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7243011 vom 2025-08-25",
        "url": "https://www.ibm.com/support/pages/node/7243011"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14746 vom 2025-08-27",
        "url": "https://access.redhat.com/errata/RHSA-2025:14746"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14748 vom 2025-08-27",
        "url": "https://access.redhat.com/errata/RHSA-2025:14748"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-17161 vom 2025-10-21",
        "url": "https://linux.oracle.com/errata/ELSA-2025-17161.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-22910 vom 2026-01-29",
        "url": "https://linux.oracle.com/errata/ELSA-2025-22910.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-1581 vom 2026-03-04",
        "url": "https://linux.oracle.com/errata/ELSA-2026-1581.html"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM Komponente: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-04T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-05T09:20:05.962+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-1905",
      "initial_release_date": "2025-08-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-27T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-10-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-01-29T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-03-04T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP13 IF01",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP13 IF01",
                  "product_id": "T046492"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP13 IF01",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP13 IF01",
                  "product_id": "T046492-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up13_if01"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-17543",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2019-17543"
    },
    {
      "cve": "CVE-2019-5427",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2019-5427"
    },
    {
      "cve": "CVE-2020-5260",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2020-5260"
    },
    {
      "cve": "CVE-2022-49058",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-49058"
    },
    {
      "cve": "CVE-2022-49111",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-49111"
    },
    {
      "cve": "CVE-2022-49136",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-49136"
    },
    {
      "cve": "CVE-2022-49788",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-49788"
    },
    {
      "cve": "CVE-2022-49846",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-49846"
    },
    {
      "cve": "CVE-2022-49977",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-49977"
    },
    {
      "cve": "CVE-2022-50020",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2022-50020"
    },
    {
      "cve": "CVE-2024-23337",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-23337"
    },
    {
      "cve": "CVE-2024-28956",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-28956"
    },
    {
      "cve": "CVE-2024-34397",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-34397"
    },
    {
      "cve": "CVE-2024-43420",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43420"
    },
    {
      "cve": "CVE-2024-45332",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-45332"
    },
    {
      "cve": "CVE-2024-50154",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-50154"
    },
    {
      "cve": "CVE-2024-50349",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-50349"
    },
    {
      "cve": "CVE-2024-52006",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-52006"
    },
    {
      "cve": "CVE-2024-52533",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-52533"
    },
    {
      "cve": "CVE-2024-53920",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-53920"
    },
    {
      "cve": "CVE-2024-54661",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-54661"
    },
    {
      "cve": "CVE-2024-57980",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-57980"
    },
    {
      "cve": "CVE-2024-58002",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-58002"
    },
    {
      "cve": "CVE-2024-6531",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-6531"
    },
    {
      "cve": "CVE-2025-20012",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-20012"
    },
    {
      "cve": "CVE-2025-20623",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-20623"
    },
    {
      "cve": "CVE-2025-21905",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-21905"
    },
    {
      "cve": "CVE-2025-21919",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-21919"
    },
    {
      "cve": "CVE-2025-21928",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-21928"
    },
    {
      "cve": "CVE-2025-21991",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-21991"
    },
    {
      "cve": "CVE-2025-22004",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-22004"
    },
    {
      "cve": "CVE-2025-22020",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-22020"
    },
    {
      "cve": "CVE-2025-23150",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-23150"
    },
    {
      "cve": "CVE-2025-24495",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-24495"
    },
    {
      "cve": "CVE-2025-27613",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-27613"
    },
    {
      "cve": "CVE-2025-27614",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-27614"
    },
    {
      "cve": "CVE-2025-32415",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-32415"
    },
    {
      "cve": "CVE-2025-37738",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-37738"
    },
    {
      "cve": "CVE-2025-37890",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-37890"
    },
    {
      "cve": "CVE-2025-38052",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-38052"
    },
    {
      "cve": "CVE-2025-38079",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-38079"
    },
    {
      "cve": "CVE-2025-38086",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-38086"
    },
    {
      "cve": "CVE-2025-4373",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-4373"
    },
    {
      "cve": "CVE-2025-46835",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-46835"
    },
    {
      "cve": "CVE-2025-47273",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-47273"
    },
    {
      "cve": "CVE-2025-48060",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-48060"
    },
    {
      "cve": "CVE-2025-48384",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-48384"
    },
    {
      "cve": "CVE-2025-48385",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-48385"
    },
    {
      "cve": "CVE-2025-49794",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-49794"
    },
    {
      "cve": "CVE-2025-49796",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-49796"
    },
    {
      "cve": "CVE-2025-52434",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-52434"
    },
    {
      "cve": "CVE-2025-52520",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-52520"
    },
    {
      "cve": "CVE-2025-53506",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-53506"
    },
    {
      "cve": "CVE-2025-55668",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-55668"
    },
    {
      "cve": "CVE-2025-6021",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-6021"
    },
    {
      "cve": "CVE-2025-6965",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-6965"
    },
    {
      "cve": "CVE-2025-7425",
      "product_status": {
        "known_affected": [
          "67646",
          "T046492",
          "T004914"
        ]
      },
      "release_date": "2025-08-25T22:00:00.000+00:00",
      "title": "CVE-2025-7425"
    }
  ]
}

WID-SEC-W-2026-0177

Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-28 23:00

Summary

Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, und um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2021-3807

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2022-25883

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2022-45693

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-21538

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-38286

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-45296

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-45801

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-12383

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-15284

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-27152

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-41249

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-48976

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-48989

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-49146

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-52434

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-52999

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-53689

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-54988

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-55163

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-55752

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-64775

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-66516

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-9287

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-9288

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2026-21569

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://www.dell.com/support/kbdoc/en-us/00028173…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0177 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0177.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0177 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0177"
      },
      {
        "category": "external",
        "summary": "Atlassian Support Security Bulletin vom 2026-01-20",
        "url": "https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html"
      },
      {
        "category": "external",
        "summary": "Deell Security Update",
        "url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-28T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-29T07:51:12.449+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0177",
      "initial_release_date": "2026-01-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-25T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-01-28T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-4913"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c12.0.2",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c12.0.2",
                  "product_id": "T050227"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 12.0.2",
                "product": {
                  "name": "Atlassian Bamboo Data Center 12.0.2",
                  "product_id": "T050227-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__12.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.13",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c10.2.13",
                  "product_id": "T050228"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.13",
                "product": {
                  "name": "Atlassian Bamboo Data Center 10.2.13",
                  "product_id": "T050228-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.6.21",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c9.6.21",
                  "product_id": "T050229"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.6.21",
                "product": {
                  "name": "Atlassian Bamboo Data Center 9.6.21",
                  "product_id": "T050229-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__9.6.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.1.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c10.1.1",
                  "product_id": "T050230"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.1.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 10.1.1",
                  "product_id": "T050230-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.4.15",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c9.4.15",
                  "product_id": "T050231"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.4.15",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 9.4.15",
                  "product_id": "T050231-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c8.19.26",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c8.19.26",
                  "product_id": "T050232"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 8.19.26",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 8.19.26",
                  "product_id": "T050232-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__8.19.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.2",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c10.2.2",
                  "product_id": "T050233"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.2",
                "product": {
                  "name": "Atlassian Confluence Data Center 10.2.2",
                  "product_id": "T050233-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__10.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c9.2.13",
                  "product_id": "T050234"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center 9.2.13",
                  "product_id": "T050234-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__9.2.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c11.3.0",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c11.3.0",
                  "product_id": "T050235"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 11.3.0",
                "product": {
                  "name": "Atlassian Jira Data Center 11.3.0",
                  "product_id": "T050235-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__11.3.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c11.2.1",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c11.2.1",
                  "product_id": "T050236"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 11.2.1",
                "product": {
                  "name": "Atlassian Jira Data Center 11.2.1",
                  "product_id": "T050236-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__11.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.3.16",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c10.3.16",
                  "product_id": "T050237"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.3.16",
                "product": {
                  "name": "Atlassian Jira Data Center 10.3.16",
                  "product_id": "T050237-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__10.3.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.12.26",
                "product": {
                  "name": "Atlassian Jira \u003c9.12.26",
                  "product_id": "T050238"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.26",
                "product": {
                  "name": "Atlassian Jira 9.12.26",
                  "product_id": "T050238-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.12.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.12",
                "product": {
                  "name": "Dell Data Protection Advisor \u003c19.12",
                  "product_id": "T050283"
                }
              },
              {
                "category": "product_version",
                "name": "19.12",
                "product": {
                  "name": "Dell Data Protection Advisor 19.12",
                  "product_id": "T050283-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:data_protection_advisor:19.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Data Protection Advisor"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3807",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2021-3807"
    },
    {
      "cve": "CVE-2022-25883",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2022-45693",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2022-45693"
    },
    {
      "cve": "CVE-2024-21538",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-21538"
    },
    {
      "cve": "CVE-2024-38286",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-38286"
    },
    {
      "cve": "CVE-2024-45296",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-45296"
    },
    {
      "cve": "CVE-2024-45801",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-45801"
    },
    {
      "cve": "CVE-2025-12383",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-12383"
    },
    {
      "cve": "CVE-2025-15284",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-15284"
    },
    {
      "cve": "CVE-2025-27152",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-27152"
    },
    {
      "cve": "CVE-2025-41249",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-48989",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-49146",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-49146"
    },
    {
      "cve": "CVE-2025-52434",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-52434"
    },
    {
      "cve": "CVE-2025-52999",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-53689",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-53689"
    },
    {
      "cve": "CVE-2025-54988",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-54988"
    },
    {
      "cve": "CVE-2025-55163",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-55752",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-55752"
    },
    {
      "cve": "CVE-2025-64775",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-64775"
    },
    {
      "cve": "CVE-2025-66516",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-66516"
    },
    {
      "cve": "CVE-2025-9287",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-9287"
    },
    {
      "cve": "CVE-2025-9288",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-9288"
    },
    {
      "cve": "CVE-2026-21569",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21569"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-52434 (GCVE-0-2025-52434)

WID-SEC-W-2025-1905

WID-SEC-W-2026-0177

Tags

Sightings

Nomenclature