Vulnerability-Lookup

CVE-2025-9287 (GCVE-0-2025-9287)

Vulnerability from cvelistv5 – Published: 2025-08-20 21:43 – Updated: 2025-11-03 18:14

Title

Missing type checks leading to hash rewind and passing on crafted data

Summary

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

Severity

9.1 (Critical)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

2 references

URL	Tags
https://github.com/browserify/cipher-base/securit…	vendor-advisory
https://github.com/browserify/cipher-base/pull/23	patch

Impacted products

1 product

Vendor	Product	Version
		Affected: 0 , ≤ 1.0.4 (semver)

Credits

https://github.com/ChALkeR https://github.com/ChALkeR https://github.com/ChALkeR https://github.com/ljharb

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9287",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T13:25:49.498638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T14:48:11.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:14:17.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/cipher-base",
          "defaultStatus": "unaffected",
          "packageName": "cipher-base",
          "repo": "https://github.com/browserify/cipher-base",
          "versions": [
            {
              "lessThanOrEqual": "1.0.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "https://github.com/ljharb"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.\u003cp\u003eThis issue affects cipher-base: through 1.0.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T21:43:56.548Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/browserify/cipher-base/pull/23"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing type checks leading to hash rewind and passing on crafted data",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-9287",
    "datePublished": "2025-08-20T21:43:56.548Z",
    "dateReserved": "2025-08-20T21:38:26.339Z",
    "dateUpdated": "2025-11-03T18:14:17.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-9287",
      "date": "2026-05-30",
      "epss": "0.00152",
      "percentile": "0.35512"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9287\",\"sourceIdentifier\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"published\":\"2025-08-20T22:15:30.557\",\"lastModified\":\"2025-11-03T19:16:17.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de validaci\u00f3n de entrada incorrecta en cipher-base permite la manipulaci\u00f3n de datos de entrada. Este problema afecta a cipher-base: hasta 1.0.4.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:browserify:cipher-base:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"1.0.4\",\"matchCriteriaId\":\"485D8065-DEFF-404E-934D-DCA8E4C10860\"}]}]}],\"references\":[{\"url\":\"https://github.com/browserify/cipher-base/pull/23\",\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc\",\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9287\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-21T13:25:49.498638Z\"}}}], \"references\": [{\"url\": \"https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-21T13:25:51.520Z\"}}], \"cna\": {\"title\": \"Missing type checks leading to hash rewind and passing on crafted data\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"https://github.com/ChALkeR\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"https://github.com/ChALkeR\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"https://github.com/ChALkeR\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"https://github.com/ljharb\"}], \"impacts\": [{\"capecId\": \"CAPEC-153\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-153 Input Data Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/browserify/cipher-base\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.0.4\"}], \"packageName\": \"cipher-base\", \"collectionURL\": \"https://npmjs.com/cipher-base\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/browserify/cipher-base/pull/23\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.\u003cp\u003eThis issue affects cipher-base: through 1.0.4.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"7ffcee3d-2c14-4c3e-b844-86c6a321a158\", \"shortName\": \"harborist\", \"dateUpdated\": \"2025-08-20T21:43:56.548Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9287\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T14:48:11.690Z\", \"dateReserved\": \"2025-08-20T21:38:26.339Z\", \"assignerOrgId\": \"7ffcee3d-2c14-4c3e-b844-86c6a321a158\", \"datePublished\": \"2025-08-20T21:43:56.548Z\", \"assignerShortName\": \"harborist\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2025-2078

Vulnerability from csaf_certbund - Published: 2025-09-16 22:00 - Updated: 2026-03-03 23:00

Summary

Red Hat Enterprise Linux (Developer Hub): Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Developer Hub ausnutzen, um Sicherheitsvorkehrungen zu umgehen Informationen offenzulegen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme: - Linux

CVE-2025-9287

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Splunk SOAR <7.1.0 Splunk / SOAR		<7.1.0
Red Hat Enterprise Linux Developer Hub <1.7.1 Red Hat / Enterprise Linux		Developer Hub <1.7.1

CVE-2025-9288

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Splunk SOAR <7.1.0 Splunk / SOAR		<7.1.0
Red Hat Enterprise Linux Developer Hub <1.7.1 Red Hat / Enterprise Linux		Developer Hub <1.7.1

References

14 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2025:16020	external
https://access.redhat.com/security/cve/CVE-2025-9287	external
https://access.redhat.com/security/cve/CVE-2025-9288	external
https://access.redhat.com/errata/RHSA-2025:18278	external
https://access.redhat.com/errata/RHSA-2025:18744	external
https://access.redhat.com/errata/RHSA-2025:19335	external
https://access.redhat.com/errata/RHSA-2025:19332	external
https://access.redhat.com/errata/RHSA-2025:22905	external
https://access.redhat.com/errata/RHSA-2026:0627	external
https://advisory.splunk.com//advisories/SVD-2026-0201	external
https://access.redhat.com/errata/RHSA-2026:3710	external
https://access.redhat.com/errata/RHSA-2026:3712	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Developer Hub ausnutzen, um Sicherheitsvorkehrungen zu umgehen Informationen offenzulegen oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2078 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2078.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2078 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2078"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2025-09-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:16020"
      },
      {
        "category": "external",
        "summary": "RedHat Customer Portal vom 2025-09-16",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9287"
      },
      {
        "category": "external",
        "summary": "RedHat Customer Portal vom 2025-09-16",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9288"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18278 vom 2025-10-18",
        "url": "https://access.redhat.com/errata/RHSA-2025:18278"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18744 vom 2025-10-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:18744"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:19335 vom 2025-10-30",
        "url": "https://access.redhat.com/errata/RHSA-2025:19335"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:19332 vom 2025-11-03",
        "url": "https://access.redhat.com/errata/RHSA-2025:19332"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22905 vom 2025-12-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:22905"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0627 vom 2026-01-14",
        "url": "https://access.redhat.com/errata/RHSA-2026:0627"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2026-0201 vom 2026-02-04",
        "url": "https://advisory.splunk.com//advisories/SVD-2026-0201"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3710 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3710"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3712 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3712"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux (Developer Hub): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-03T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-04T11:17:43.715+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2078",
      "initial_release_date": "2025-09-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-19T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-10-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-10-30T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-11-03T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-08T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-01-14T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2026-03-03T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Developer Hub \u003c1.7.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Developer Hub \u003c1.7.1",
                  "product_id": "T047046"
                }
              },
              {
                "category": "product_version",
                "name": "Developer Hub 1.7.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Developer Hub 1.7.1",
                  "product_id": "T047046-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:developer_hub__1.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.1.0",
                "product": {
                  "name": "Splunk SOAR \u003c7.1.0",
                  "product_id": "T050521"
                }
              },
              {
                "category": "product_version",
                "name": "7.1.0",
                "product": {
                  "name": "Splunk SOAR 7.1.0",
                  "product_id": "T050521-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:soar:7.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SOAR"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9287",
      "product_status": {
        "known_affected": [
          "67646",
          "T050521",
          "T047046"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-9287"
    },
    {
      "cve": "CVE-2025-9288",
      "product_status": {
        "known_affected": [
          "67646",
          "T050521",
          "T047046"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-9288"
    }
  ]
}

WID-SEC-W-2026-0177

Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-28 23:00

Summary

Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, und um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2021-3807

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2022-25883

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2022-45693

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-21538

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-38286

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-45296

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2024-45801

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-12383

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-15284

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-27152

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-41249

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-48976

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-48989

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-49146

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-52434

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-52999

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-53689

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-54988

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-55163

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-55752

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-64775

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-66516

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-9287

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2025-9288

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

CVE-2026-21569

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
Atlassian Jira Data Center <11.3.0 Atlassian / Jira		Data Center <11.3.0
Atlassian Confluence Data Center <9.2.13 Atlassian / Confluence		Data Center <9.2.13
Atlassian Jira Data Center <10.3.16 Atlassian / Jira		Data Center <10.3.16
Atlassian Jira Data Center <11.2.1 Atlassian / Jira		Data Center <11.2.1
Atlassian Bitbucket Data Center <9.4.15 Atlassian / Bitbucket		Data Center <9.4.15
Atlassian Bitbucket Data Center <10.1.1 Atlassian / Bitbucket		Data Center <10.1.1
Atlassian Confluence Data Center <10.2.2 Atlassian / Confluence		Data Center <10.2.2
Atlassian Bitbucket Data Center <8.19.26 Atlassian / Bitbucket		Data Center <8.19.26
Atlassian Bamboo Data Center <10.2.13 Atlassian / Bamboo		Data Center <10.2.13
Atlassian Bamboo Data Center <12.0.2 Atlassian / Bamboo		Data Center <12.0.2
Atlassian Jira <9.12.26 Atlassian / Jira		<9.12.26
Atlassian Bamboo Data Center <9.6.21 Atlassian / Bamboo		Data Center <9.6.21

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://www.dell.com/support/kbdoc/en-us/00028173…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0177 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0177.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0177 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0177"
      },
      {
        "category": "external",
        "summary": "Atlassian Support Security Bulletin vom 2026-01-20",
        "url": "https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html"
      },
      {
        "category": "external",
        "summary": "Deell Security Update",
        "url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-28T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-29T07:51:12.449+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0177",
      "initial_release_date": "2026-01-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-25T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-01-28T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-4913"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c12.0.2",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c12.0.2",
                  "product_id": "T050227"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 12.0.2",
                "product": {
                  "name": "Atlassian Bamboo Data Center 12.0.2",
                  "product_id": "T050227-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__12.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.13",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c10.2.13",
                  "product_id": "T050228"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.13",
                "product": {
                  "name": "Atlassian Bamboo Data Center 10.2.13",
                  "product_id": "T050228-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.6.21",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c9.6.21",
                  "product_id": "T050229"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.6.21",
                "product": {
                  "name": "Atlassian Bamboo Data Center 9.6.21",
                  "product_id": "T050229-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__9.6.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.1.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c10.1.1",
                  "product_id": "T050230"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.1.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 10.1.1",
                  "product_id": "T050230-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.4.15",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c9.4.15",
                  "product_id": "T050231"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.4.15",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 9.4.15",
                  "product_id": "T050231-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c8.19.26",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c8.19.26",
                  "product_id": "T050232"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 8.19.26",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 8.19.26",
                  "product_id": "T050232-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__8.19.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.2",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c10.2.2",
                  "product_id": "T050233"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.2",
                "product": {
                  "name": "Atlassian Confluence Data Center 10.2.2",
                  "product_id": "T050233-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__10.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c9.2.13",
                  "product_id": "T050234"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center 9.2.13",
                  "product_id": "T050234-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__9.2.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c11.3.0",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c11.3.0",
                  "product_id": "T050235"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 11.3.0",
                "product": {
                  "name": "Atlassian Jira Data Center 11.3.0",
                  "product_id": "T050235-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__11.3.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c11.2.1",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c11.2.1",
                  "product_id": "T050236"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 11.2.1",
                "product": {
                  "name": "Atlassian Jira Data Center 11.2.1",
                  "product_id": "T050236-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__11.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.3.16",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c10.3.16",
                  "product_id": "T050237"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.3.16",
                "product": {
                  "name": "Atlassian Jira Data Center 10.3.16",
                  "product_id": "T050237-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__10.3.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.12.26",
                "product": {
                  "name": "Atlassian Jira \u003c9.12.26",
                  "product_id": "T050238"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.26",
                "product": {
                  "name": "Atlassian Jira 9.12.26",
                  "product_id": "T050238-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.12.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.12",
                "product": {
                  "name": "Dell Data Protection Advisor \u003c19.12",
                  "product_id": "T050283"
                }
              },
              {
                "category": "product_version",
                "name": "19.12",
                "product": {
                  "name": "Dell Data Protection Advisor 19.12",
                  "product_id": "T050283-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:data_protection_advisor:19.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Data Protection Advisor"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3807",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2021-3807"
    },
    {
      "cve": "CVE-2022-25883",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2022-45693",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2022-45693"
    },
    {
      "cve": "CVE-2024-21538",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-21538"
    },
    {
      "cve": "CVE-2024-38286",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-38286"
    },
    {
      "cve": "CVE-2024-45296",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-45296"
    },
    {
      "cve": "CVE-2024-45801",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-45801"
    },
    {
      "cve": "CVE-2025-12383",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-12383"
    },
    {
      "cve": "CVE-2025-15284",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-15284"
    },
    {
      "cve": "CVE-2025-27152",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-27152"
    },
    {
      "cve": "CVE-2025-41249",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-48989",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-49146",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-49146"
    },
    {
      "cve": "CVE-2025-52434",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-52434"
    },
    {
      "cve": "CVE-2025-52999",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-53689",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-53689"
    },
    {
      "cve": "CVE-2025-54988",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-54988"
    },
    {
      "cve": "CVE-2025-55163",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-55752",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-55752"
    },
    {
      "cve": "CVE-2025-64775",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-64775"
    },
    {
      "cve": "CVE-2025-66516",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-66516"
    },
    {
      "cve": "CVE-2025-9287",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-9287"
    },
    {
      "cve": "CVE-2025-9288",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-9288"
    },
    {
      "cve": "CVE-2026-21569",
      "product_status": {
        "known_affected": [
          "T050283",
          "T050235",
          "T050234",
          "T050237",
          "T050236",
          "T050231",
          "T050230",
          "T050233",
          "T050232",
          "T050228",
          "T050227",
          "T050238",
          "T050229"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2026-21569"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-9287 (GCVE-0-2025-9287)

WID-SEC-W-2025-2078

WID-SEC-W-2026-0177

Tags

Sightings

Nomenclature