Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-24998 (GCVE-0-2023-24998)
Vulnerability from cvelistv5 – Published: 2023-02-20 15:57 – Updated: 2025-11-03 21:47
VLAI?
EPSS
Title
Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
Summary
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
Severity ?
No CVSS data available.
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache Commons FileUpload |
Affected:
0 , < 1.5
(semver)
|
|||||||
|
|||||||||
Credits
Jakob Ackermann
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:24.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230302-0013/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Commons FileUpload",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "11.0.0-M1"
},
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "10.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.70",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.84",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakob Ackermann"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:06:16.472Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-24998",
"datePublished": "2023-02-20T15:57:07.372Z",
"dateReserved": "2023-02-01T10:32:05.492Z",
"dateUpdated": "2025-11-03T21:47:24.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-24998",
"date": "2026-05-10",
"epss": "0.33175",
"percentile": "0.9694"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0\", \"versionEndExcluding\": \"1.5\", \"matchCriteriaId\": \"7B386378-64A5-417D-9FE8-F25AE7A26459\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"58B413FF-EBC0-4DFA-B507-AA2A3579E349\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\\n\\n\\n\\n\\nNote that, like all of the file upload limits, the\\n new configuration option (FileUploadBase#setFileCountMax) is not\\n enabled by default and must be explicitly configured.\\n\\n\\n\"}]",
"id": "CVE-2023-24998",
"lastModified": "2024-11-21T07:48:54.163",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-02-20T16:15:10.423",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/05/22/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-37\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/05/22/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-37\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230302-0013/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-24998\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-02-20T16:15:10.423\",\"lastModified\":\"2025-11-03T22:16:05.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\\n\\n\\n\\n\\nNote that, like all of the file upload limits, the\\n new configuration option (FileUploadBase#setFileCountMax) is not\\n enabled by default and must be explicitly configured.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.5\",\"matchCriteriaId\":\"7B386378-64A5-417D-9FE8-F25AE7A26459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B413FF-EBC0-4DFA-B507-AA2A3579E349\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/05/22/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-37\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/05/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202305-37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230302-0013/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2024-AVI-0324
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle Solaris version 11 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2022-34381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
},
{
"name": "CVE-2024-21105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2020-29508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
},
{
"name": "CVE-2021-36374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2024-21059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
},
{
"name": "CVE-2020-35164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2024-21104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
},
{
"name": "CVE-2020-35166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
},
{
"name": "CVE-2020-35163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
},
{
"name": "CVE-2020-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2024-20999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2020-35167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0324",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
]
}
CERTFR-2023-AVI-0574
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-MQJMS-7.5-20230327175444 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center versions 6.1.3.x antérieures à 6.1.3.0 iFix18 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 7 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 2 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 à 1.5.0.2.x antérieures à 1.5.0.2.iFix36 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions 2.3.0 et 2.4.0 sans le correctif de sécurité | ||
| IBM | N/A | AIX versions 7.2. et 7.3 et VIOS version 3.1 avec un fichier bind.rte versions 7.1.916.0 à 7.1.916.2601 sans le dernier correctif de sécurité | ||
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.4.0 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-MQJMS-7.4-20230327175451 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-MQJMS-7.5-20230327175444",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center versions 6.1.3.x ant\u00e9rieures \u00e0 6.1.3.0 iFix18",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 \u00e0 1.5.0.2.x ant\u00e9rieures \u00e0 1.5.0.2.iFix36",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions 2.3.0 et 2.4.0 sans le correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2. et 7.3 et VIOS version 3.1 avec un fichier bind.rte versions 7.1.916.0 \u00e0 7.1.916.2601 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM version 7.4.0 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-MQJMS-7.4-20230327175451",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-25929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25929"
},
{
"name": "CVE-2019-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4378"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2021-39034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39034"
},
{
"name": "CVE-2020-4320",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4320"
},
{
"name": "CVE-2019-4049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4049"
},
{
"name": "CVE-2021-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38949"
},
{
"name": "CVE-2019-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4055"
},
{
"name": "CVE-2022-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3736"
},
{
"name": "CVE-2020-4682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4682"
},
{
"name": "CVE-2023-28530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28530"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2019-4614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4614"
},
{
"name": "CVE-2019-4762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4762"
},
{
"name": "CVE-2019-4655",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4655"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2020-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4338"
},
{
"name": "CVE-2019-4656",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4656"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-3924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3924"
},
{
"name": "CVE-2019-4227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4227"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2019-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4619"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-4261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4261"
},
{
"name": "CVE-2019-4719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4719"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-4310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4310"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0574",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7013143 du 19 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7013143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7011771 du 13 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7011771"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7013297 du 19 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7013297"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7012711 du 18 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7012711"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7012621 du 19 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7012621"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7012395 du 17 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7012395"
}
]
}
CERTFR-2023-AVI-0574
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-MQJMS-7.5-20230327175444 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center versions 6.1.3.x antérieures à 6.1.3.0 iFix18 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 7 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 2 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 à 1.5.0.2.x antérieures à 1.5.0.2.iFix36 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions 2.3.0 et 2.4.0 sans le correctif de sécurité | ||
| IBM | N/A | AIX versions 7.2. et 7.3 et VIOS version 3.1 avec un fichier bind.rte versions 7.1.916.0 à 7.1.916.2601 sans le dernier correctif de sécurité | ||
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.4.0 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-MQJMS-7.4-20230327175451 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-MQJMS-7.5-20230327175444",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center versions 6.1.3.x ant\u00e9rieures \u00e0 6.1.3.0 iFix18",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 \u00e0 1.5.0.2.x ant\u00e9rieures \u00e0 1.5.0.2.iFix36",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions 2.3.0 et 2.4.0 sans le correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2. et 7.3 et VIOS version 3.1 avec un fichier bind.rte versions 7.1.916.0 \u00e0 7.1.916.2601 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM version 7.4.0 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-MQJMS-7.4-20230327175451",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-25929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25929"
},
{
"name": "CVE-2019-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4378"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2021-39034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39034"
},
{
"name": "CVE-2020-4320",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4320"
},
{
"name": "CVE-2019-4049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4049"
},
{
"name": "CVE-2021-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38949"
},
{
"name": "CVE-2019-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4055"
},
{
"name": "CVE-2022-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3736"
},
{
"name": "CVE-2020-4682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4682"
},
{
"name": "CVE-2023-28530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28530"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2019-4614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4614"
},
{
"name": "CVE-2019-4762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4762"
},
{
"name": "CVE-2019-4655",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4655"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2020-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4338"
},
{
"name": "CVE-2019-4656",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4656"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-3924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3924"
},
{
"name": "CVE-2019-4227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4227"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2019-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4619"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-4261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4261"
},
{
"name": "CVE-2019-4719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4719"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-4310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4310"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0574",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7013143 du 19 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7013143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7011771 du 13 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7011771"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7013297 du 19 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7013297"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7012711 du 18 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7012711"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7012621 du 19 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7012621"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7012395 du 17 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7012395"
}
]
}
CERTFR-2023-AVI-0513
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, un déni de service, une injection de code indirecte à distance (XSS), une élévation de privilèges, un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct File Agent versions 1.4.x antérieures à 1.4.0.2_iFix042 | ||
| IBM | Sterling Connect:Direct | BM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.17 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.4_iFix039 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.x antérieures à 7.5.0 UP6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix064 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix068 | ||
| IBM | N/A | IBM Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.19 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.0_iFix007 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct File Agent versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.2_iFix042",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "BM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.17",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4_iFix039",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM version 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix064",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix068",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.19",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.0_iFix007",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-41903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2015-0254",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0254"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-20859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20859"
},
{
"name": "CVE-2022-34917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1999"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0513",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, un d\u00e9ni de service, une\ninjection de code indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de\nprivil\u00e8ges, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7010099 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7010099"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7009987 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7009987"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7009301 du 07 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7009301"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7010095 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7010095"
}
]
}
CERTFR-2023-AVI-0150
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Apache Tomcat. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache Tomcat versions 8.5.x ant\u00e9rieures \u00e0 8.5.85",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Apache Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.71",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0150",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apache Tomcat. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache 9.0.71 du 19 f\u00e9vrier 2023",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.71"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache 8.5.85 du 19 f\u00e9vrier 2023",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.85"
}
]
}
CERTFR-2024-AVI-0180
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.2 | ||
| IBM | WebSphere | Websphere Liberty versions antérieures à 23.0.0.12 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cloud Pak | Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3 | ||
| IBM | N/A | Cognos Command Center versions antérieures à 10.2.5 IF1 | ||
| IBM | Cognos Transformer | Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2023-50324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-32344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
},
{
"name": "CVE-2023-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-28167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2010-2084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-34357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2023-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112541"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7124466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112504"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125461"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7123154"
}
]
}
CERTFR-2023-AVI-0798
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | MaaS360 | Module VPN MaaS360 versions antérieures à 3.000.200 | ||
| IBM | QRadar | QRadar Data Synchronization App versions 1.0.x à 3.1.1 antérieures à 3.1.2 | ||
| IBM | Tivoli | Tivoli Netcool Impact versions 7.1.x antérieures à 7.1.0.31 | ||
| IBM | MaaS360 | MaaS360 Mobile Enterprise Gateway versions antérieures à 3.000.200 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Module VPN MaaS360 versions ant\u00e9rieures \u00e0 3.000.200",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions 1.0.x \u00e0 3.1.1 ant\u00e9rieures \u00e0 3.1.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool Impact versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.31",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.000.200",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28867"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0798",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7043471 du 02 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7043471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7042785 du 29 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7042785"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7043103 du 29 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7043103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7040883 du 29 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7040883"
}
]
}
CERTFR-2023-AVI-0444
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x antérieures à 6.2.2.1 | ||
| IBM | MaaS360 | IBM MaaS360 Cloud Extender Base Module versions antérieures à 3.000.100.069 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x antérieures à 6.2.0.6 | ||
| IBM | MaaS360 | IBM MaaS360 PKI Certificate Module versions antérieures à 3.000.100 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x antérieures à 6.2.1.3 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x antérieures à 6.1.2.8 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x antérieures à 6.2.0.6 | ||
| IBM | MaaS360 | IBM MaaS360 VPN versions antérieures à 3.000.100 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x antérieures à 6.1.2.8 | ||
| IBM | QRadar User Behavior Analytics | IBM QRadar User Behavior Analytics versions 1.x à 4.1.x antérieures à 4.1.12 | ||
| IBM | MaaS360 | IBM MaaS360 Configuration Utility versions antérieures à 3.000.100 | ||
| IBM | QRadar Deployment Intelligence App | IBM QRadar Deployment Intelligence App versions 2.x à 3.0.x antérieures à 3.0.10 | ||
| IBM | MaaS360 | IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 3.000.100 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x antérieures à 6.2.2.1 | ||
| IBM | MaaS360 | IBM MaaS360 Cloud Extender Agent versions antérieures à 3.000.100.069 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x antérieures à 6.2.1.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Cloud Extender Base Module versions ant\u00e9rieures \u00e0 3.000.100.069",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 PKI Certificate Module versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 VPN versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.12",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Configuration Utility versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Deployment Intelligence App versions 2.x \u00e0 3.0.x ant\u00e9rieures \u00e0 3.0.10",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 3.000.100.069",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-41915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0444",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001723 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001723"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001639 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001639"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001571 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001571"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001689 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001689"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001643 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001643"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001815 du 07 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001815"
}
]
}
CERTFR-2023-AVI-0295
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans IBM WebSphere. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Remote Server versions 9.0 et 8.5 sans les correctifs évoqués dans le bulletin de sécurité IBM 6982047 du 06 avril 2023 | ||
| IBM | WebSphere | IBM WebSphere Hybrid Edition version 5.1 sans les correctifs évoqués dans le bulletin de sécurité IBM 6982047 du 06 avril 2023 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans les correctifs \u00e9voqu\u00e9s dans le bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Hybrid Edition version 5.1 sans les correctifs \u00e9voqu\u00e9s dans le bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [
{
"title": "Avis CERT-FR CERTFR-2023-AVI-0290 du 07 avril 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0290/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982047"
}
],
"reference": "CERTFR-2023-AVI-0295",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans IBM WebSphere. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982141 du 07 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982141"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982539 du 10 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982539"
}
]
}
CERTFR-2023-AVI-0205
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM WebSphere. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Service Registry and Repository versions 8.5.0 \u00e0 8.5.6.3 sans les correctifs de s\u00e9curit\u00e9 IJ40949 et IJ45702",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-40664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40664"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-09T00:00:00.000000"
},
{
"description": "Suppression d\u0027une source",
"revision_date": "2023-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM WebSphere\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6962169 du 08 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6962169"
}
]
}
CERTFR-2023-AVI-0791
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM SOAR QRadar Plugin App versions antérieures à 5.0.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 12.0.x antérieures à 12.0.1 | ||
| IBM | Sterling | IBM Sterling Global Mailbox versions 6.x antérieures à 6.1.2.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x et 11.2.x antérieures à 11.2.4 Fix Pack 2 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.21.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Global Mailbox versions 6.x ant\u00e9rieures \u00e0 6.1.2.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x et 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.21.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-45787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45787"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2019-14806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14806"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2023-30601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30601"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7040672 du 27 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7040672"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029380 du 15 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7029380"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7039222 du 26 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7039222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7040744 du 27 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7040744"
}
]
}
CERTFR-2024-AVI-0529
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM WebSphere Hybrid Edition version 5.1 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
| IBM | Cloud Pak | IBM Cognos Dashboards sur Cloud Pak for Data versions antérieures à 5.0 | ||
| IBM | N/A | WebSphere Service Registry and Repository version 8.5 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
| IBM | N/A | IBM WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 12.x antérieures à 12.0.3 IF1 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Hybrid Edition version 5.1 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Dashboards sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository version 8.5 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.3 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-37532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37532"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2017-20189",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20189"
},
{
"name": "CVE-2010-4756",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4756"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2024-27322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27322"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2019-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0231"
},
{
"name": "CVE-2024-25041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25041"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41973"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46750"
},
{
"name": "CVE-2023-46749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46749"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2024-28233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28233"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2023-37466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37466"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37903"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2021-20086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20086"
},
{
"name": "CVE-2017-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20162"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2018-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9466"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2024-25053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25053"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2021-3377",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3377"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0529",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7156941",
"url": "https://www.ibm.com/support/pages/node/7156941"
},
{
"published_at": "2024-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158537",
"url": "https://www.ibm.com/support/pages/node/7158537"
},
{
"published_at": "2024-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157712",
"url": "https://www.ibm.com/support/pages/node/7157712"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158652",
"url": "https://www.ibm.com/support/pages/node/7158652"
},
{
"published_at": "2024-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158539",
"url": "https://www.ibm.com/support/pages/node/7158539"
},
{
"published_at": "2024-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158762",
"url": "https://www.ibm.com/support/pages/node/7158762"
}
]
}
CERTFR-2024-AVI-0228
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.2_iFix012 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0 sans le correctif de sécurité iFix 03 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.3 sans le correctif de sécurité iFix 11 | ||
| IBM | Sterling | Sterling Partner Engagement Manager versions 6.2.2.x antérieures à 6.2.2.2 sans le dernier correctif de sécurité | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF06 | ||
| IBM | Sterling | Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x antérieures à 6.2.0.6_iFix012 | ||
| IBM | Db2 | IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de sécurité SI85982 et SI85987 | ||
| IBM | Sterling | Sterling Partner Engagement Manager versions 6.2.0.x antérieures à 6.2.0.7 sans le dernier correctif de sécurité | ||
| IBM | Sterling | Sterling Connect - Direct File Agent versions 1.4.0.x antérieures à 1.4.0.3_iFix004 | ||
| IBM | Sterling | Sterling Partner Engagement Manager versions 6.1.2.x antérieures à 6.1.2.9 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.2_iFix012",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 03",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 11",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF06",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6_iFix012",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de s\u00e9curit\u00e9 SI85982 et SI85987",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.7 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect - Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.3_iFix004",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.9 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47699"
},
{
"name": "CVE-2023-46179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46179"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-46182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46182"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-47147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47147"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2023-34034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34034"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39685"
},
{
"name": "CVE-2023-47162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47162"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2023-45177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45177"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2023-46181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46181"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0228",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142007 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142007"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142038 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138527 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138527"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138509 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138509"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7140420 du 13 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7140420"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138477 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138477"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142032 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142032"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138522 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138522"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7137248 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7137248"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7137258 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7137258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138503 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138503"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142006 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142006"
}
]
}
CERTFR-2024-AVI-0324
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle Solaris version 11 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2022-34381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
},
{
"name": "CVE-2024-21105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2020-29508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
},
{
"name": "CVE-2021-36374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2024-21059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
},
{
"name": "CVE-2020-35164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2024-21104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
},
{
"name": "CVE-2020-35166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
},
{
"name": "CVE-2020-35163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
},
{
"name": "CVE-2020-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2024-20999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2020-35167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0324",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
]
}
CERTFR-2023-AVI-0484
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | IBM Storage Protect Operations Center versions 8.1.0.000 à 8.1.18.xxx antérieures à 8.1.19 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.5.0 UP6 | ||
| IBM | Storage Protect | IBM Storage Protect Server versions 8.1.0.000 à 8.1.18.xxx antérieures 8.1.19 | ||
| IBM | Db2 | IBM Db2 Warehouse versions antérieures à 11.5.8.0 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.0 à 10.1.14 antérieures 10.1.15 | ||
| IBM | Storage Protect | IBM Storage Protect Backup-Archive Client versions 8.1.0.0 à 8.1.17.2 antérieures 8.1.19.0 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 à 10.1.14 antérieures à 10.1.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Storage Protect Operations Center versions 8.1.0.000 \u00e0 8.1.18.xxx ant\u00e9rieures \u00e0 8.1.19",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Server versions 8.1.0.000 \u00e0 8.1.18.xxx ant\u00e9rieures 8.1.19",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Warehouse versions ant\u00e9rieures \u00e0 11.5.8.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.0 \u00e0 10.1.14 ant\u00e9rieures 10.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Backup-Archive Client versions 8.1.0.0 \u00e0 8.1.17.2 ant\u00e9rieures 8.1.19.0",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 \u00e0 10.1.14 ant\u00e9rieures \u00e0 10.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2020-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2022-41727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41727"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-1280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1280"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0484",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005589 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005553 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005553"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6999973 du 19 juin 2023",
"url": "https://www.ibm.com/support/pages/node/6999973"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005519"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7006395 du 22 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7006395"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005949 du 21 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005949"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7006069 du 22 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7006069"
}
]
}
CERTFR-2023-AVI-0295
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans IBM WebSphere. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Remote Server versions 9.0 et 8.5 sans les correctifs évoqués dans le bulletin de sécurité IBM 6982047 du 06 avril 2023 | ||
| IBM | WebSphere | IBM WebSphere Hybrid Edition version 5.1 sans les correctifs évoqués dans le bulletin de sécurité IBM 6982047 du 06 avril 2023 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans les correctifs \u00e9voqu\u00e9s dans le bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Hybrid Edition version 5.1 sans les correctifs \u00e9voqu\u00e9s dans le bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [
{
"title": "Avis CERT-FR CERTFR-2023-AVI-0290 du 07 avril 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0290/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982047"
}
],
"reference": "CERTFR-2023-AVI-0295",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans IBM WebSphere. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982141 du 07 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982141"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982539 du 10 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982539"
}
]
}
CERTFR-2023-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430 | ||
| SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00 | ||
| SAP | N/A | SAP NetWeaver Process Integration versions 7.50 | ||
| SAP | N/A | SAPHANA Database versions 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89 | ||
| SAP | N/A | S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731 | ||
| SAP | N/A | SAP NetWeaver (Guided Procedures) versions 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200 | ||
| SAP | N/A | SAPSSOEXT versions 17 | ||
| SAP | N/A | Product-SAP BusinessObjects Suite (Installer) versions 420 et 430 | ||
| SAP | N/A | SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800 | ||
| SAP | N/A | SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 | ||
| SAP | N/A | SAPHost Agent versions 722 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420 | ||
| SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54 | ||
| SAP | N/A | SAP PowerDesignerClient versions 16.7 | ||
| SAP | N/A | S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHANA Database versions 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Guided Procedures) versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPSSOEXT versions 17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product-SAP BusinessObjects Suite (Installer) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHost Agent versions 722",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPContent Server versions 6.50, 7.53, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesignerClient versions 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40309"
},
{
"name": "CVE-2023-25616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25616"
},
{
"name": "CVE-2023-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40306"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-41367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41367"
},
{
"name": "CVE-2023-40624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40624"
},
{
"name": "CVE-2023-41369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41369"
},
{
"name": "CVE-2023-40621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40621"
},
{
"name": "CVE-2023-41368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41368"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-37489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37489"
},
{
"name": "CVE-2023-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42472"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40308"
},
{
"name": "CVE-2023-40622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40622"
},
{
"name": "CVE-2023-40625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40625"
},
{
"name": "CVE-2023-40623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40623"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2023-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026d=2023-09-13"
}
]
}
CERTFR-2023-AVI-0839
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | IBM Sterling Order Management versions 10.0.x antérieures à 10.0.2309.0 | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3 | ||
| IBM | Db2 | IBM Db2 versions 10.5.0.x sans les derniers correctifs de sécurité | ||
| IBM | Db2 | IBM Db2 versions 11.1.4.x sans les derniers correctifs de sécurité | ||
| IBM | Db2 | IBM Db2 REST versions 1.0.0.121-amd64 à 1.0.0.276-amd64 antérieures à 1.0.0.291-amd64 | ||
| IBM | N/A | IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3 | ||
| IBM | Db2 | IBM Db2 versions 11.5.x sans les derniers correctifs de sécurité | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 UP6 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Order Management versions 10.0.x ant\u00e9rieures \u00e0 10.0.2309.0",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.1.4.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 REST versions 1.0.0.121-amd64 \u00e0 1.0.0.276-amd64 ant\u00e9rieures \u00e0 1.0.0.291-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2023-32697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2023-29256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2023-30431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-35012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
},
{
"name": "CVE-2023-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2023-27869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-32342",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-30446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-29007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29007"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2023-27868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2023-20867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2023-30445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2023-30447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
},
{
"name": "CVE-2023-30442",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2023-27867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
},
{
"name": "CVE-2023-34396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-30448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2023-27558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2023-34981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34981"
},
{
"name": "CVE-2023-30449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-30994",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30994"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-25652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25652"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-23487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-40367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40367"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2023-34149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0839",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047565 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047565"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049129 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049129"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047481 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047481"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049434 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049434"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047499 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047499"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047754 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047754"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049133 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047724 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047724"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049435 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049435"
}
]
}
CERTFR-2023-AVI-0563
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL versions 5.7.42 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22033"
},
{
"name": "CVE-2023-22038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22038"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-22057",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22057"
},
{
"name": "CVE-2023-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22058"
},
{
"name": "CVE-2023-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22005"
},
{
"name": "CVE-2023-22048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22048"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2023-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22008"
},
{
"name": "CVE-2023-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22056"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2023-22046",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22046"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22054"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21950"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
CERTFR-2024-AVI-0180
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.2 | ||
| IBM | WebSphere | Websphere Liberty versions antérieures à 23.0.0.12 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cloud Pak | Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3 | ||
| IBM | N/A | Cognos Command Center versions antérieures à 10.2.5 IF1 | ||
| IBM | Cognos Transformer | Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2023-50324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-32344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
},
{
"name": "CVE-2023-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-28167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2010-2084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-34357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2023-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112541"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7124466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112504"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125461"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7123154"
}
]
}
CERTFR-2024-AVI-0228
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.2_iFix012 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0 sans le correctif de sécurité iFix 03 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.3 sans le correctif de sécurité iFix 11 | ||
| IBM | Sterling | Sterling Partner Engagement Manager versions 6.2.2.x antérieures à 6.2.2.2 sans le dernier correctif de sécurité | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF06 | ||
| IBM | Sterling | Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x antérieures à 6.2.0.6_iFix012 | ||
| IBM | Db2 | IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de sécurité SI85982 et SI85987 | ||
| IBM | Sterling | Sterling Partner Engagement Manager versions 6.2.0.x antérieures à 6.2.0.7 sans le dernier correctif de sécurité | ||
| IBM | Sterling | Sterling Connect - Direct File Agent versions 1.4.0.x antérieures à 1.4.0.3_iFix004 | ||
| IBM | Sterling | Sterling Partner Engagement Manager versions 6.1.2.x antérieures à 6.1.2.9 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.2_iFix012",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 03",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 11",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF06",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6_iFix012",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de s\u00e9curit\u00e9 SI85982 et SI85987",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.7 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect - Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.3_iFix004",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.9 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47699"
},
{
"name": "CVE-2023-46179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46179"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-46182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46182"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-47147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47147"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2023-34034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34034"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39685"
},
{
"name": "CVE-2023-47162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47162"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2023-45177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45177"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2023-46181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46181"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0228",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142007 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142007"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142038 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138527 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138527"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138509 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138509"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7140420 du 13 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7140420"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138477 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138477"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142032 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142032"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138522 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138522"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7137248 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7137248"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7137258 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7137258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7138503 du 12 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7138503"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7142006 du 14 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7142006"
}
]
}
CERTFR-2024-AVI-0959
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | OnCommand Insight | OnCommand Insight versions antérieures à 7.3.16 | ||
| NetApp | StorageGRID | StorageGRID (anciennement StorageGRID Webscale) versions antérieures à 11.9.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OnCommand Insight versions ant\u00e9rieures \u00e0 7.3.16",
"product": {
"name": "OnCommand Insight",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "StorageGRID (anciennement StorageGRID Webscale) versions ant\u00e9rieures \u00e0 11.9.0",
"product": {
"name": "StorageGRID",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2017-20189",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20189"
},
{
"name": "CVE-2010-4756",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4756"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2024-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21994"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-25041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25041"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46750"
},
{
"name": "CVE-2023-46749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46749"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2023-37466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37466"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37903"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2021-20086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20086"
},
{
"name": "CVE-2017-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20162"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2018-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9466"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2024-25053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25053"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2021-3377",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3377"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0959",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2024-11-08",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0001",
"url": "https://security.netapp.com/advisory/ntap-20241108-0001/"
},
{
"published_at": "2024-11-08",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0002",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
]
}
CERTFR-2023-AVI-0290
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits IBM. Elle permet à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Application Server Liberty 17.0.0.3 à 23.0.0.3 antérieures à 23.0.0.4 (disponibilité prévue pour le deuxième trimestre 2023) ou sans le correctif de sécurité temporaire PH50863 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5 antérieures à 8.5.5.24 (disponibilité prévue pour le deuxième trimestre 2023) ou sans le correctif de sécurité temporaire PH50863 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.0 antérieures à 9.0.5.16 (disponibilité prévue pour le deuxième trimestre 2023) ou sans le correctif de sécurité temporaire PH50863 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Application Server Liberty 17.0.0.3 \u00e0 23.0.0.3 ant\u00e9rieures \u00e0 23.0.0.4 (disponibilit\u00e9 pr\u00e9vue pour le deuxi\u00e8me trimestre 2023) ou sans le correctif de s\u00e9curit\u00e9 temporaire PH50863",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5 ant\u00e9rieures \u00e0 8.5.5.24 (disponibilit\u00e9 pr\u00e9vue pour le deuxi\u00e8me trimestre 2023) ou sans le correctif de s\u00e9curit\u00e9 temporaire PH50863",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.0 ant\u00e9rieures \u00e0 9.0.5.16 (disponibilit\u00e9 pr\u00e9vue pour le deuxi\u00e8me trimestre 2023) ou sans le correctif de s\u00e9curit\u00e9 temporaire PH50863",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0290",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982047"
}
]
}
CERTFR-2023-AVI-0737
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430 | ||
| SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00 | ||
| SAP | N/A | SAP NetWeaver Process Integration versions 7.50 | ||
| SAP | N/A | SAPHANA Database versions 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89 | ||
| SAP | N/A | S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731 | ||
| SAP | N/A | SAP NetWeaver (Guided Procedures) versions 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200 | ||
| SAP | N/A | SAPSSOEXT versions 17 | ||
| SAP | N/A | Product-SAP BusinessObjects Suite (Installer) versions 420 et 430 | ||
| SAP | N/A | SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800 | ||
| SAP | N/A | SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 | ||
| SAP | N/A | SAPHost Agent versions 722 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420 | ||
| SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54 | ||
| SAP | N/A | SAP PowerDesignerClient versions 16.7 | ||
| SAP | N/A | S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHANA Database versions 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Guided Procedures) versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPSSOEXT versions 17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product-SAP BusinessObjects Suite (Installer) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHost Agent versions 722",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPContent Server versions 6.50, 7.53, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesignerClient versions 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40309"
},
{
"name": "CVE-2023-25616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25616"
},
{
"name": "CVE-2023-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40306"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-41367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41367"
},
{
"name": "CVE-2023-40624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40624"
},
{
"name": "CVE-2023-41369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41369"
},
{
"name": "CVE-2023-40621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40621"
},
{
"name": "CVE-2023-41368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41368"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-37489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37489"
},
{
"name": "CVE-2023-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42472"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40308"
},
{
"name": "CVE-2023-40622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40622"
},
{
"name": "CVE-2023-40625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40625"
},
{
"name": "CVE-2023-40623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40623"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2023-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026d=2023-09-13"
}
]
}
CERTFR-2023-AVI-0444
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x antérieures à 6.2.2.1 | ||
| IBM | MaaS360 | IBM MaaS360 Cloud Extender Base Module versions antérieures à 3.000.100.069 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x antérieures à 6.2.0.6 | ||
| IBM | MaaS360 | IBM MaaS360 PKI Certificate Module versions antérieures à 3.000.100 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x antérieures à 6.2.1.3 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x antérieures à 6.1.2.8 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x antérieures à 6.2.0.6 | ||
| IBM | MaaS360 | IBM MaaS360 VPN versions antérieures à 3.000.100 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x antérieures à 6.1.2.8 | ||
| IBM | QRadar User Behavior Analytics | IBM QRadar User Behavior Analytics versions 1.x à 4.1.x antérieures à 4.1.12 | ||
| IBM | MaaS360 | IBM MaaS360 Configuration Utility versions antérieures à 3.000.100 | ||
| IBM | QRadar Deployment Intelligence App | IBM QRadar Deployment Intelligence App versions 2.x à 3.0.x antérieures à 3.0.10 | ||
| IBM | MaaS360 | IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 3.000.100 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x antérieures à 6.2.2.1 | ||
| IBM | MaaS360 | IBM MaaS360 Cloud Extender Agent versions antérieures à 3.000.100.069 | ||
| IBM | Sterling | IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x antérieures à 6.2.1.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Cloud Extender Base Module versions ant\u00e9rieures \u00e0 3.000.100.069",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 PKI Certificate Module versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 VPN versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.12",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Configuration Utility versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Deployment Intelligence App versions 2.x \u00e0 3.0.x ant\u00e9rieures \u00e0 3.0.10",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.000.100",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 3.000.100.069",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-41915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0444",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001723 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001723"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001639 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001639"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001571 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001571"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001689 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001689"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001643 du 06 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001643"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7001815 du 07 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7001815"
}
]
}
CERTFR-2023-AVI-0245
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | IBM AIX versions 7.3.x antérieures à 7.3.0 SP04 ou 7.3.1 SP02 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection pour Microsoft Hyper-V versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | AIX | IBM AIX versions 7.1.x antérieures à 7.1.5 SP12 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center version 6.1.3.0 sans le correctif de sécurité iFix16 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.18 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection pour VMware versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | VIOS | IBM VIOS versions 3.1.3.x antérieures à 3.1.3.30 | ||
| IBM | VIOS | IBM VIOS versions 3.1.4.x antérieures à 3.1.4.20 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center version 6.3.0.0 sans le correctif de sécurité iFix02 | ||
| IBM | VIOS | IBM VIOS versions 3.1.x antérieures à 3.1.2.50 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center version 6.2.1.0 sans le correctif de sécurité iFix11 | ||
| IBM | AIX | IBM AIX versions 7.2.x antérieures à 7.2.5 SP06 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.17.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM AIX versions 7.3.x ant\u00e9rieures \u00e0 7.3.0 SP04 ou 7.3.1 SP02",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection pour Microsoft Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM AIX versions 7.1.x ant\u00e9rieures \u00e0 7.1.5 SP12",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center version 6.1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix16",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.18",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection pour VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM VIOS versions 3.1.3.x ant\u00e9rieures \u00e0 3.1.3.30",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM VIOS versions 3.1.4.x ant\u00e9rieures \u00e0 3.1.4.20",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center version 6.3.0.0 sans le correctif de s\u00e9curit\u00e9 iFix02",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM VIOS versions 3.1.x ant\u00e9rieures \u00e0 3.1.2.50",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center version 6.2.1.0 sans le correctif de s\u00e9curit\u00e9 iFix11",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM AIX versions 7.2.x ant\u00e9rieures \u00e0 7.2.5 SP06",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2022-43382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43382"
},
{
"name": "CVE-2022-25844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25844"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0245",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964174 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963642 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963642"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963786 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963786"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6962863 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6962863"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6848309 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6848309"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963784 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963784"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964176 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964176"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963640 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963071 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963071"
}
]
}
CERTFR-2023-AVI-0290
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits IBM. Elle permet à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Application Server Liberty 17.0.0.3 à 23.0.0.3 antérieures à 23.0.0.4 (disponibilité prévue pour le deuxième trimestre 2023) ou sans le correctif de sécurité temporaire PH50863 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5 antérieures à 8.5.5.24 (disponibilité prévue pour le deuxième trimestre 2023) ou sans le correctif de sécurité temporaire PH50863 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.0 antérieures à 9.0.5.16 (disponibilité prévue pour le deuxième trimestre 2023) ou sans le correctif de sécurité temporaire PH50863 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Application Server Liberty 17.0.0.3 \u00e0 23.0.0.3 ant\u00e9rieures \u00e0 23.0.0.4 (disponibilit\u00e9 pr\u00e9vue pour le deuxi\u00e8me trimestre 2023) ou sans le correctif de s\u00e9curit\u00e9 temporaire PH50863",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5 ant\u00e9rieures \u00e0 8.5.5.24 (disponibilit\u00e9 pr\u00e9vue pour le deuxi\u00e8me trimestre 2023) ou sans le correctif de s\u00e9curit\u00e9 temporaire PH50863",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.0 ant\u00e9rieures \u00e0 9.0.5.16 (disponibilit\u00e9 pr\u00e9vue pour le deuxi\u00e8me trimestre 2023) ou sans le correctif de s\u00e9curit\u00e9 temporaire PH50863",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0290",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6982047 du 06 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6982047"
}
]
}
CERTFR-2024-AVI-0010
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM OS Image pour AIX Systems versions antérieures à AIX 7.2 TL5 SP6 sur Cloud Pak System versions antérieures à V2.3.3.7 Interim Fix 01 | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.4.0 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM OS Image pour AIX Systems versions ant\u00e9rieures \u00e0 AIX 7.2 TL5 SP6 sur Cloud Pak System versions ant\u00e9rieures \u00e0 V2.3.3.7 Interim Fix 01",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.4.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-43646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43646"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2017-15708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15708"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105215 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105138 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7104447 du 02 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7104447"
}
]
}
CERTFR-2024-AVI-0959
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | OnCommand Insight | OnCommand Insight versions antérieures à 7.3.16 | ||
| NetApp | StorageGRID | StorageGRID (anciennement StorageGRID Webscale) versions antérieures à 11.9.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OnCommand Insight versions ant\u00e9rieures \u00e0 7.3.16",
"product": {
"name": "OnCommand Insight",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "StorageGRID (anciennement StorageGRID Webscale) versions ant\u00e9rieures \u00e0 11.9.0",
"product": {
"name": "StorageGRID",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2017-20189",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20189"
},
{
"name": "CVE-2010-4756",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4756"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2024-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21994"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-25041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25041"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46750"
},
{
"name": "CVE-2023-46749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46749"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2023-37466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37466"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37903"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2021-20086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20086"
},
{
"name": "CVE-2017-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20162"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2018-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9466"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2024-25053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25053"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2021-3377",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3377"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0959",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2024-11-08",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0001",
"url": "https://security.netapp.com/advisory/ntap-20241108-0001/"
},
{
"published_at": "2024-11-08",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0002",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
]
}
CERTFR-2023-AVI-0563
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL versions 5.7.42 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22033"
},
{
"name": "CVE-2023-22038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22038"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-22057",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22057"
},
{
"name": "CVE-2023-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22058"
},
{
"name": "CVE-2023-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22005"
},
{
"name": "CVE-2023-22048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22048"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2023-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22008"
},
{
"name": "CVE-2023-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22056"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2023-22046",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22046"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22054"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21950"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
CERTFR-2023-AVI-0976
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Services Web IBM Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.20 | ||
| IBM | Sterling Connect:Direct | Interface utilisateur IBM Sterling Connect:Direct versions 1.x antérieures à 1.5.0.2 iFix-39 | ||
| IBM | QRadar | Agent QRadar WinCollect (Standalone) versions antérieures à 10.1.8 | ||
| IBM | Sterling Connect:Direct | Services Web IBM Sterling Connect:Direct versions 6.0.x à 6.1.x antérieures à 6.1.0.22 | ||
| IBM | QRadar | Suite QRadar versions 1.10.x antérieures à 1.10.17.0 | ||
| IBM | Sterling | IBM Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.9 | ||
| IBM | Sterling | IBM Sterling B2B Integrator versions 6.1.0.x à 6.1.2.x antérieures à 6.1.2.3 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x antérieures à 1.10.17.0 | ||
| IBM | Sterling Connect:Direct | Services Web IBM Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Services Web IBM Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.20",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Interface utilisateur IBM Sterling Connect:Direct versions 1.x ant\u00e9rieures \u00e0 1.5.0.2 iFix-39",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Agent QRadar WinCollect (Standalone) versions ant\u00e9rieures \u00e0 10.1.8",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Services Web IBM Sterling Connect:Direct versions 6.0.x \u00e0 6.1.x ant\u00e9rieures \u00e0 6.1.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Suite QRadar versions 1.10.x ant\u00e9rieures \u00e0 1.10.17.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.1.0.x \u00e0 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.10.17.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Services Web IBM Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-36313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36313"
},
{
"name": "CVE-2021-42248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-26279",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26279"
},
{
"name": "CVE-2022-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36777"
},
{
"name": "CVE-2023-32001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32001"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2017-18640",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18640"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-34104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34104"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"name": "CVE-2022-40155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40155"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2021-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39008"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2022-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40154"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0976",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080118 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080174 du 21 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080106 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080058 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080058"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080117 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080177 du 21 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080176 du 21 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080176"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7081403 du 22 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7081403"
}
]
}
CERTFR-2023-AVI-0245
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | IBM AIX versions 7.3.x antérieures à 7.3.0 SP04 ou 7.3.1 SP02 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection pour Microsoft Hyper-V versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | AIX | IBM AIX versions 7.1.x antérieures à 7.1.5 SP12 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center version 6.1.3.0 sans le correctif de sécurité iFix16 | ||
| IBM | Spectrum | IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.18 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments: Data Protection pour VMware versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | VIOS | IBM VIOS versions 3.1.3.x antérieures à 3.1.3.30 | ||
| IBM | VIOS | IBM VIOS versions 3.1.4.x antérieures à 3.1.4.20 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center version 6.3.0.0 sans le correctif de sécurité iFix02 | ||
| IBM | VIOS | IBM VIOS versions 3.1.x antérieures à 3.1.2.50 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center version 6.2.1.0 sans le correctif de sécurité iFix11 | ||
| IBM | AIX | IBM AIX versions 7.2.x antérieures à 7.2.5 SP06 | ||
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.17.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM AIX versions 7.3.x ant\u00e9rieures \u00e0 7.3.0 SP04 ou 7.3.1 SP02",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection pour Microsoft Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM AIX versions 7.1.x ant\u00e9rieures \u00e0 7.1.5 SP12",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center version 6.1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix16",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.18",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments: Data Protection pour VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM VIOS versions 3.1.3.x ant\u00e9rieures \u00e0 3.1.3.30",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM VIOS versions 3.1.4.x ant\u00e9rieures \u00e0 3.1.4.20",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center version 6.3.0.0 sans le correctif de s\u00e9curit\u00e9 iFix02",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM VIOS versions 3.1.x ant\u00e9rieures \u00e0 3.1.2.50",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center version 6.2.1.0 sans le correctif de s\u00e9curit\u00e9 iFix11",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM AIX versions 7.2.x ant\u00e9rieures \u00e0 7.2.5 SP06",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2022-43382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43382"
},
{
"name": "CVE-2022-25844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25844"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0245",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964174 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963642 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963642"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963786 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963786"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6962863 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6962863"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6848309 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6848309"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963784 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963784"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964176 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964176"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963640 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963071 du 17 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963071"
}
]
}
CERTFR-2024-AVI-1051
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | VIOS | VIOS version 3.1 sans le correctif invscout_fix7.tar | ||
| IBM | AIX | AIX version 7.3 sans le correctif invscout_fix7.tar | ||
| IBM | Cognos Controller | Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3 | ||
| IBM | AIX | AIX version 7.2 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.0.0 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VIOS version 3.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-47115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47115"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25020"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-41777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41777"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2024-25035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25035"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2022-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2024-41776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41776"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25019"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2021-22921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
},
{
"name": "CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2021-29892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29892"
},
{
"name": "CVE-2024-45676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45676"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2024-40691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40691"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-41775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41775"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2021-44533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2024-25036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25036"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033",
"url": "https://www.ibm.com/support/pages/node/7178033"
},
{
"published_at": "2024-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054",
"url": "https://www.ibm.com/support/pages/node/7178054"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220",
"url": "https://www.ibm.com/support/pages/node/7177220"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981",
"url": "https://www.ibm.com/support/pages/node/7177981"
}
]
}
CERTFR-2023-AVI-0325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 | ||
| Oracle | Database Server | Oracle Database Server 19c, 21c | ||
| Oracle | N/A | Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 | ||
| Oracle | PeopleSoft | Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2 | ||
| Oracle | Virtualization | Oracle Virtualization versions 6.1.x antérieures à 6.1.44 | ||
| Oracle | MySQL | Oracle MySQL versions 8.0.33 et antérieures | ||
| Oracle | Systems | Oracle Systems versions 10, 11 | ||
| Oracle | Virtualization | Oracle Virtualization versions 7.0.x antérieures à 7.0.8 | ||
| Oracle | MySQL | Oracle MySQL versions 5.7.41 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server 19c, 21c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Systems versions 10, 11",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
},
{
"name": "CVE-2023-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
},
{
"name": "CVE-2023-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
},
{
"name": "CVE-2023-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
},
{
"name": "CVE-2023-21984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
},
{
"name": "CVE-2023-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2023-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
},
{
"name": "CVE-2023-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
},
{
"name": "CVE-2023-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
},
{
"name": "CVE-2023-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
},
{
"name": "CVE-2023-21987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
},
{
"name": "CVE-2023-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
},
{
"name": "CVE-2023-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
},
{
"name": "CVE-2023-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
},
{
"name": "CVE-2023-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-21990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
},
{
"name": "CVE-2023-22000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
},
{
"name": "CVE-2023-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"name": "CVE-2023-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2023-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
},
{
"name": "CVE-2023-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
},
{
"name": "CVE-2023-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
},
{
"name": "CVE-2023-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
},
{
"name": "CVE-2023-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
},
{
"name": "CVE-2023-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"name": "CVE-2023-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
},
{
"name": "CVE-2023-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
},
{
"name": "CVE-2023-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
},
{
"name": "CVE-2023-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
},
{
"name": "CVE-2023-21989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
},
{
"name": "CVE-2023-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
},
{
"name": "CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"name": "CVE-2023-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
},
{
"name": "CVE-2023-21988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2023-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
},
{
"name": "CVE-2023-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-19T00:00:00.000000"
},
{
"description": "Correction coquilles.",
"revision_date": "2023-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
]
}
CERTFR-2023-AVI-0705
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | IBM Sterling Secure Proxy versions versions antérieures à 6.0.3 sans le correctif de sécurité iFix08 | ||
| IBM | Sterling | IBM Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 08 | ||
| IBM | Sterling | IBM Sterling Secure Proxy versions versions antérieures à 6.1.0 sans le correctif de sécurité GA | ||
| IBM | QRadar User Behavior Analytics | IBM QRadar User Behavior Analytics versions antérieures à 4.1.13 | ||
| IBM | Tivoli Monitoring | IBM Tivoli Monitoring versions 6.x.x antérieures à 6.3.0.7 Plus Service Pack 5 | ||
| IBM | Cloud Pak | IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x antérieures à 4.7.2 | ||
| IBM | Sterling | IBM Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 04 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix08",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 08",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.13",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Monitoring versions 6.x.x ant\u00e9rieures \u00e0 6.3.0.7 Plus Service Pack 5",
"product": {
"name": "Tivoli Monitoring",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 04",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2023-32697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-27554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27554"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-32342",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2022-39161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39161"
},
{
"name": "CVE-2021-43803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43803"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-24966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24966"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26920"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2023-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35890"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-29261",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29261"
},
{
"name": "CVE-2021-37699",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37699"
},
{
"name": "CVE-2023-34104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34104"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22874"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-32338",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32338"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0705",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029765 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029765"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029766 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029766"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7027925 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7027925"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029732 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029732"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029864 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029864"
}
]
}
CERTFR-2023-AVI-0705
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | IBM Sterling Secure Proxy versions versions antérieures à 6.0.3 sans le correctif de sécurité iFix08 | ||
| IBM | Sterling | IBM Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 08 | ||
| IBM | Sterling | IBM Sterling Secure Proxy versions versions antérieures à 6.1.0 sans le correctif de sécurité GA | ||
| IBM | QRadar User Behavior Analytics | IBM QRadar User Behavior Analytics versions antérieures à 4.1.13 | ||
| IBM | Tivoli Monitoring | IBM Tivoli Monitoring versions 6.x.x antérieures à 6.3.0.7 Plus Service Pack 5 | ||
| IBM | Cloud Pak | IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x antérieures à 4.7.2 | ||
| IBM | Sterling | IBM Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 04 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix08",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 08",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.13",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Monitoring versions 6.x.x ant\u00e9rieures \u00e0 6.3.0.7 Plus Service Pack 5",
"product": {
"name": "Tivoli Monitoring",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 04",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2023-32697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-27554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27554"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-32342",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2022-39161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39161"
},
{
"name": "CVE-2021-43803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43803"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-24966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24966"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26920"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2023-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35890"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-29261",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29261"
},
{
"name": "CVE-2021-37699",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37699"
},
{
"name": "CVE-2023-34104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34104"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22874"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-32338",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32338"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0705",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029765 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029765"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029766 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029766"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7027925 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7027925"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029732 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029732"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029864 du 31 ao\u00fbt 2023",
"url": "https://www.ibm.com/support/pages/node/7029864"
}
]
}
CERTFR-2023-AVI-0205
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM WebSphere. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Service Registry and Repository versions 8.5.0 \u00e0 8.5.6.3 sans les correctifs de s\u00e9curit\u00e9 IJ40949 et IJ45702",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-40664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40664"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-09T00:00:00.000000"
},
{
"description": "Suppression d\u0027une source",
"revision_date": "2023-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM WebSphere\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6962169 du 08 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6962169"
}
]
}
CERTFR-2023-AVI-0839
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | IBM Sterling Order Management versions 10.0.x antérieures à 10.0.2309.0 | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3 | ||
| IBM | Db2 | IBM Db2 versions 10.5.0.x sans les derniers correctifs de sécurité | ||
| IBM | Db2 | IBM Db2 versions 11.1.4.x sans les derniers correctifs de sécurité | ||
| IBM | Db2 | IBM Db2 REST versions 1.0.0.121-amd64 à 1.0.0.276-amd64 antérieures à 1.0.0.291-amd64 | ||
| IBM | N/A | IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3 | ||
| IBM | Db2 | IBM Db2 versions 11.5.x sans les derniers correctifs de sécurité | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 UP6 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Order Management versions 10.0.x ant\u00e9rieures \u00e0 10.0.2309.0",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.1.4.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 REST versions 1.0.0.121-amd64 \u00e0 1.0.0.276-amd64 ant\u00e9rieures \u00e0 1.0.0.291-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2023-32697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2023-29256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2023-30431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-35012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
},
{
"name": "CVE-2023-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2023-27869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-32342",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-30446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-29007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29007"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2023-27868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2023-20867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2023-30445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2023-30447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
},
{
"name": "CVE-2023-30442",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2023-27867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
},
{
"name": "CVE-2023-34396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-30448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2023-27558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2023-34981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34981"
},
{
"name": "CVE-2023-30449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-30994",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30994"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-25652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25652"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-23487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-40367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40367"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2023-34149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0839",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047565 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047565"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049129 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049129"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047481 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047481"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049434 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049434"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047499 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047499"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047754 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047754"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049133 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7047724 du 06 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7047724"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7049435 du 10 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7049435"
}
]
}
CERTFR-2023-AVI-0484
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | IBM Storage Protect Operations Center versions 8.1.0.000 à 8.1.18.xxx antérieures à 8.1.19 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.5.0 UP6 | ||
| IBM | Storage Protect | IBM Storage Protect Server versions 8.1.0.000 à 8.1.18.xxx antérieures 8.1.19 | ||
| IBM | Db2 | IBM Db2 Warehouse versions antérieures à 11.5.8.0 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.0 à 10.1.14 antérieures 10.1.15 | ||
| IBM | Storage Protect | IBM Storage Protect Backup-Archive Client versions 8.1.0.0 à 8.1.17.2 antérieures 8.1.19.0 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 à 10.1.14 antérieures à 10.1.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Storage Protect Operations Center versions 8.1.0.000 \u00e0 8.1.18.xxx ant\u00e9rieures \u00e0 8.1.19",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Server versions 8.1.0.000 \u00e0 8.1.18.xxx ant\u00e9rieures 8.1.19",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Warehouse versions ant\u00e9rieures \u00e0 11.5.8.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.0 \u00e0 10.1.14 ant\u00e9rieures 10.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Backup-Archive Client versions 8.1.0.0 \u00e0 8.1.17.2 ant\u00e9rieures 8.1.19.0",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 \u00e0 10.1.14 ant\u00e9rieures \u00e0 10.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2020-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2022-41727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41727"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-1280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1280"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0484",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005589 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005553 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005553"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6999973 du 19 juin 2023",
"url": "https://www.ibm.com/support/pages/node/6999973"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005519"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7006395 du 22 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7006395"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005949 du 21 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005949"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7006069 du 22 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7006069"
}
]
}
CERTFR-2023-AVI-0791
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM SOAR QRadar Plugin App versions antérieures à 5.0.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 12.0.x antérieures à 12.0.1 | ||
| IBM | Sterling | IBM Sterling Global Mailbox versions 6.x antérieures à 6.1.2.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x et 11.2.x antérieures à 11.2.4 Fix Pack 2 | ||
| IBM | Spectrum | IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.21.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Global Mailbox versions 6.x ant\u00e9rieures \u00e0 6.1.2.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x et 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.21.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-45787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45787"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2019-14806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14806"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2023-30601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30601"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7040672 du 27 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7040672"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7029380 du 15 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7029380"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7039222 du 26 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7039222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7040744 du 27 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7040744"
}
]
}
CERTFR-2023-AVI-0976
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Services Web IBM Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.20 | ||
| IBM | Sterling Connect:Direct | Interface utilisateur IBM Sterling Connect:Direct versions 1.x antérieures à 1.5.0.2 iFix-39 | ||
| IBM | QRadar | Agent QRadar WinCollect (Standalone) versions antérieures à 10.1.8 | ||
| IBM | Sterling Connect:Direct | Services Web IBM Sterling Connect:Direct versions 6.0.x à 6.1.x antérieures à 6.1.0.22 | ||
| IBM | QRadar | Suite QRadar versions 1.10.x antérieures à 1.10.17.0 | ||
| IBM | Sterling | IBM Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.9 | ||
| IBM | Sterling | IBM Sterling B2B Integrator versions 6.1.0.x à 6.1.2.x antérieures à 6.1.2.3 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x antérieures à 1.10.17.0 | ||
| IBM | Sterling Connect:Direct | Services Web IBM Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Services Web IBM Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.20",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Interface utilisateur IBM Sterling Connect:Direct versions 1.x ant\u00e9rieures \u00e0 1.5.0.2 iFix-39",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Agent QRadar WinCollect (Standalone) versions ant\u00e9rieures \u00e0 10.1.8",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Services Web IBM Sterling Connect:Direct versions 6.0.x \u00e0 6.1.x ant\u00e9rieures \u00e0 6.1.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Suite QRadar versions 1.10.x ant\u00e9rieures \u00e0 1.10.17.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.9",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.1.0.x \u00e0 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.10.17.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Services Web IBM Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-36313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36313"
},
{
"name": "CVE-2021-42248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-26279",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26279"
},
{
"name": "CVE-2022-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36777"
},
{
"name": "CVE-2023-32001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32001"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2017-18640",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18640"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-34104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34104"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"name": "CVE-2022-40155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40155"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2021-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39008"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2022-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40154"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0976",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080118 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080174 du 21 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080106 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080058 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080058"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080117 du 20 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080177 du 21 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7080176 du 21 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7080176"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7081403 du 22 novembre 2023",
"url": "https://www.ibm.com/support/pages/node/7081403"
}
]
}
CERTFR-2024-AVI-0529
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM WebSphere Hybrid Edition version 5.1 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
| IBM | Cloud Pak | IBM Cognos Dashboards sur Cloud Pak for Data versions antérieures à 5.0 | ||
| IBM | N/A | WebSphere Service Registry and Repository version 8.5 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
| IBM | N/A | IBM WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 12.x antérieures à 12.0.3 IF1 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Hybrid Edition version 5.1 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Dashboards sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository version 8.5 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.3 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-37532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37532"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2017-20189",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20189"
},
{
"name": "CVE-2010-4756",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4756"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2024-27322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27322"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2019-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0231"
},
{
"name": "CVE-2024-25041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25041"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41973"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46750"
},
{
"name": "CVE-2023-46749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46749"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2024-28233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28233"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2023-37466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37466"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37903"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2021-20086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20086"
},
{
"name": "CVE-2017-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20162"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2018-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9466"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2024-25053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25053"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2021-3377",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3377"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0529",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7156941",
"url": "https://www.ibm.com/support/pages/node/7156941"
},
{
"published_at": "2024-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158537",
"url": "https://www.ibm.com/support/pages/node/7158537"
},
{
"published_at": "2024-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157712",
"url": "https://www.ibm.com/support/pages/node/7157712"
},
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158652",
"url": "https://www.ibm.com/support/pages/node/7158652"
},
{
"published_at": "2024-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158539",
"url": "https://www.ibm.com/support/pages/node/7158539"
},
{
"published_at": "2024-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158762",
"url": "https://www.ibm.com/support/pages/node/7158762"
}
]
}
CERTFR-2024-AVI-0010
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM OS Image pour AIX Systems versions antérieures à AIX 7.2 TL5 SP6 sur Cloud Pak System versions antérieures à V2.3.3.7 Interim Fix 01 | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.4.0 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM OS Image pour AIX Systems versions ant\u00e9rieures \u00e0 AIX 7.2 TL5 SP6 sur Cloud Pak System versions ant\u00e9rieures \u00e0 V2.3.3.7 Interim Fix 01",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.4.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-43646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43646"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2017-15708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15708"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105215 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105138 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7104447 du 02 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7104447"
}
]
}
CERTFR-2023-AVI-0325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 | ||
| Oracle | Database Server | Oracle Database Server 19c, 21c | ||
| Oracle | N/A | Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 | ||
| Oracle | PeopleSoft | Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2 | ||
| Oracle | Virtualization | Oracle Virtualization versions 6.1.x antérieures à 6.1.44 | ||
| Oracle | MySQL | Oracle MySQL versions 8.0.33 et antérieures | ||
| Oracle | Systems | Oracle Systems versions 10, 11 | ||
| Oracle | Virtualization | Oracle Virtualization versions 7.0.x antérieures à 7.0.8 | ||
| Oracle | MySQL | Oracle MySQL versions 5.7.41 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server 19c, 21c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Systems versions 10, 11",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
},
{
"name": "CVE-2023-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
},
{
"name": "CVE-2023-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
},
{
"name": "CVE-2023-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
},
{
"name": "CVE-2023-21984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
},
{
"name": "CVE-2023-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2023-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
},
{
"name": "CVE-2023-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
},
{
"name": "CVE-2023-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
},
{
"name": "CVE-2023-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
},
{
"name": "CVE-2023-21987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
},
{
"name": "CVE-2023-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
},
{
"name": "CVE-2023-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
},
{
"name": "CVE-2023-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
},
{
"name": "CVE-2023-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-21990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
},
{
"name": "CVE-2023-22000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
},
{
"name": "CVE-2023-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"name": "CVE-2023-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2023-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
},
{
"name": "CVE-2023-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
},
{
"name": "CVE-2023-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
},
{
"name": "CVE-2023-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
},
{
"name": "CVE-2023-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
},
{
"name": "CVE-2023-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"name": "CVE-2023-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
},
{
"name": "CVE-2023-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
},
{
"name": "CVE-2023-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
},
{
"name": "CVE-2023-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
},
{
"name": "CVE-2023-21989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
},
{
"name": "CVE-2023-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
},
{
"name": "CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"name": "CVE-2023-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
},
{
"name": "CVE-2023-21988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2023-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
},
{
"name": "CVE-2023-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-19T00:00:00.000000"
},
{
"description": "Correction coquilles.",
"revision_date": "2023-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
]
}
CERTFR-2023-AVI-0513
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, un déni de service, une injection de code indirecte à distance (XSS), une élévation de privilèges, un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct File Agent versions 1.4.x antérieures à 1.4.0.2_iFix042 | ||
| IBM | Sterling Connect:Direct | BM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.17 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.4_iFix039 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.x antérieures à 7.5.0 UP6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix064 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix068 | ||
| IBM | N/A | IBM Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.19 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.0_iFix007 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct File Agent versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.2_iFix042",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "BM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.17",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4_iFix039",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM version 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix064",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix068",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.19",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.0_iFix007",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-41903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2015-0254",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0254"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-20859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20859"
},
{
"name": "CVE-2022-34917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1999"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0513",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, un d\u00e9ni de service, une\ninjection de code indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de\nprivil\u00e8ges, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7010099 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7010099"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7009987 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7009987"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7009301 du 07 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7009301"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7010095 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7010095"
}
]
}
CERTFR-2023-AVI-0798
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | MaaS360 | Module VPN MaaS360 versions antérieures à 3.000.200 | ||
| IBM | QRadar | QRadar Data Synchronization App versions 1.0.x à 3.1.1 antérieures à 3.1.2 | ||
| IBM | Tivoli | Tivoli Netcool Impact versions 7.1.x antérieures à 7.1.0.31 | ||
| IBM | MaaS360 | MaaS360 Mobile Enterprise Gateway versions antérieures à 3.000.200 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Module VPN MaaS360 versions ant\u00e9rieures \u00e0 3.000.200",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions 1.0.x \u00e0 3.1.1 ant\u00e9rieures \u00e0 3.1.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool Impact versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.31",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.000.200",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28867"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0798",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7043471 du 02 octobre 2023",
"url": "https://www.ibm.com/support/pages/node/7043471"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7042785 du 29 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7042785"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7043103 du 29 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7043103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7040883 du 29 septembre 2023",
"url": "https://www.ibm.com/support/pages/node/7040883"
}
]
}
CERTFR-2024-AVI-1051
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | VIOS | VIOS version 3.1 sans le correctif invscout_fix7.tar | ||
| IBM | AIX | AIX version 7.3 sans le correctif invscout_fix7.tar | ||
| IBM | Cognos Controller | Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3 | ||
| IBM | AIX | AIX version 7.2 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.0.0 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VIOS version 3.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-47115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47115"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25020"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-41777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41777"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2024-25035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25035"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2022-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2024-41776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41776"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25019"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2021-22921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
},
{
"name": "CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2021-29892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29892"
},
{
"name": "CVE-2024-45676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45676"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2024-40691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40691"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-41775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41775"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2021-44533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2024-25036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25036"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033",
"url": "https://www.ibm.com/support/pages/node/7178033"
},
{
"published_at": "2024-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054",
"url": "https://www.ibm.com/support/pages/node/7178054"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220",
"url": "https://www.ibm.com/support/pages/node/7177220"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981",
"url": "https://www.ibm.com/support/pages/node/7177981"
}
]
}
CERTFR-2023-AVI-0150
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Apache Tomcat. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache Tomcat versions 8.5.x ant\u00e9rieures \u00e0 8.5.85",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Apache Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.71",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0150",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apache Tomcat. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache 9.0.71 du 19 f\u00e9vrier 2023",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.71"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache 8.5.85 du 19 f\u00e9vrier 2023",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.85"
}
]
}
RHSA-2023_6570
Vulnerability from csaf_redhat - Published: 2023-11-07 08:49 - Updated: 2024-12-06 12:21Summary
Red Hat Security Advisory: tomcat security and bug fix update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:6570
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:6570
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:6570
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6570",
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2173872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173872"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2184133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184133"
},
{
"category": "external",
"summary": "2189675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189675"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6570.json"
}
],
"title": "Red Hat Security Advisory: tomcat security and bug fix update",
"tracking": {
"current_release_date": "2024-12-06T12:21:38+00:00",
"generator": {
"date": "2024-12-06T12:21:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2023:6570",
"initial_release_date": "2023-11-07T08:49:34+00:00",
"revision_history": [
{
"date": "2023-11-07T08:49:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:49:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T12:21:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023:3299
Vulnerability from csaf_redhat - Published: 2023-05-24 17:13 - Updated: 2026-05-05 10:06Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* Jenkins: Denial of Service attack (CVE-2023-27900)
* Jenkins: Denial of Service attack (CVE-2023-27901)
* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
9.8 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
Workaround
This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Jordy Versmissen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Denial of Service attack (CVE-2023-27900)\n\n* Jenkins: Denial of Service attack (CVE-2023-27901)\n\n* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3299",
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "2087606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2177630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177630"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2177638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177638"
},
{
"category": "external",
"summary": "2177646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177646"
},
{
"category": "external",
"summary": "2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "PITEAM-10",
"url": "https://issues.redhat.com/browse/PITEAM-10"
},
{
"category": "external",
"summary": "PITEAM-9",
"url": "https://issues.redhat.com/browse/PITEAM-9"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3299.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2026-05-05T10:06:13+00:00",
"generator": {
"date": "2026-05-05T10:06:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2023:3299",
"initial_release_date": "2023-05-24T17:13:53+00:00",
"revision_history": [
{
"date": "2023-05-24T17:13:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-24T17:13:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-05T10:06:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product_id": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.387.3.1684911776-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product_id": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.387.3.1684911776-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch"
},
"product_reference": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
},
"product_reference": "jenkins-0:2.387.3.1684911776-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7692",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2020-07-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856376"
}
],
"notes": [
{
"category": "description",
"text": "PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7692"
},
{
"category": "external",
"summary": "RHBZ#1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692"
}
],
"release_date": "2020-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization"
},
{
"acknowledgments": [
{
"names": [
"Jordy Versmissen"
]
}
],
"cve": "CVE-2021-4178",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034388"
}
],
"notes": [
{
"category": "description",
"text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes-client: Insecure deserialization in unmarshalYaml method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4178"
},
{
"category": "external",
"summary": "RHBZ#2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178"
}
],
"release_date": "2022-01-05T15:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes-client: Insecure deserialization in unmarshalYaml method"
},
{
"cve": "CVE-2021-46877",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46877"
},
{
"category": "external",
"summary": "RHBZ#2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877"
}
],
"release_date": "2023-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode"
},
{
"cve": "CVE-2022-22978",
"cwe": {
"id": "CWE-625",
"name": "Permissive Regular Expression"
},
"discovery_date": "2022-05-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Authorization Bypass in RegexRequestMatcher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22978"
},
{
"category": "external",
"summary": "RHBZ#2087606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978"
},
{
"category": "external",
"summary": "https://tanzu.vmware.com/security/cve-2022-22978",
"url": "https://tanzu.vmware.com/security/cve-2022-22978"
}
],
"release_date": "2022-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Authorization Bypass in RegexRequestMatcher"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2023-24422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24422"
},
{
"category": "external",
"summary": "RHBZ#2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016"
}
],
"release_date": "2023-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-25761",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170039"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25761"
},
{
"category": "external",
"summary": "RHBZ#2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin"
},
{
"cve": "CVE-2023-25762",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170041"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25762"
},
{
"category": "external",
"summary": "RHBZ#2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin"
},
{
"cve": "CVE-2023-27900",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Denial of Service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27900"
},
{
"category": "external",
"summary": "RHBZ#2177638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27900"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Denial of Service attack"
},
{
"cve": "CVE-2023-27901",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177646"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Denial of Service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27901"
},
{
"category": "external",
"summary": "RHBZ#2177646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27901"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Denial of Service attack"
},
{
"cve": "CVE-2023-27902",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Workspace temporary directories accessible through directory browser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27902"
},
{
"category": "external",
"summary": "RHBZ#2177630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27902"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Workspace temporary directories accessible through directory browser"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
}
]
}
RHSA-2023:2100
Vulnerability from csaf_redhat - Published: 2023-05-03 14:05 - Updated: 2026-04-30 12:52Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Severity
Important
Notes
Topic: Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)
* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)
* apache-ivy: Directory Traversal (CVE-2022-37865)
* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.
5.4 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data.
5.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Workaround
By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).
In the example below, the property has been included as an argument to the Java command.
java -Dhsqldb.method_class_names="org.me.MyClass;org.you.YourClass;org.you.lib.*" [the rest of the command line]
The above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.
The user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.
Once the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.
In hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2100",
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2136128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "2136207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136207"
},
{
"category": "external",
"summary": "2145205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145205"
},
{
"category": "external",
"summary": "2145264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145264"
},
{
"category": "external",
"summary": "2150011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150011"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "2169924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169924"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "2182188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182188"
},
{
"category": "external",
"summary": "2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2187742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update",
"tracking": {
"current_release_date": "2026-04-30T12:52:27+00:00",
"generator": {
"date": "2026-04-30T12:52:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:2100",
"initial_release_date": "2023-05-03T14:05:29+00:00",
"revision_history": [
{
"date": "2023-05-03T14:05:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-03T14:05:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T12:52:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Springboot 3.20.1",
"product": {
"name": "RHINT Camel-Springboot 3.20.1",
"product_id": "RHINT Camel-Springboot 3.20.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_spring_boot:3.20.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Net\u0027s FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-net: FTP client trusts the host from PASV response by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37533"
},
{
"category": "external",
"summary": "RHBZ#2169924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-net: FTP client trusts the host from PASV response by default"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-31777",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145264"
}
],
"notes": [
{
"category": "description",
"text": "A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-spark: XSS vulnerability in log viewer UI Javascript",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31777"
},
{
"category": "external",
"summary": "RHBZ#2145264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31777",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31777"
}
],
"release_date": "2022-11-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-spark: XSS vulnerability in log viewer UI Javascript"
},
{
"cve": "CVE-2022-33681",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client\u0027s authentication data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-33681"
},
{
"category": "external",
"summary": "RHBZ#2136207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-33681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33681"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM"
},
{
"cve": "CVE-2022-37865",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182188"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-ivy: Directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS states High according to NIST, due to the nature of this flaw, considering it\u0027s an optional attribute and there must be restrictions in other layers to prevent attacks, this flaw is taken as a Moderate following the Medium impact from Apache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37865"
},
{
"category": "external",
"summary": "RHBZ#2182188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37865"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy",
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
}
],
"release_date": "2022-11-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-ivy: Directory Traversal"
},
{
"cve": "CVE-2022-37866",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150011"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy\u0027s repository and overwrite artifacts that the user will use later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ivy: Ivy Path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37866"
},
{
"category": "external",
"summary": "RHBZ#2150011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150011"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37866"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ivy: Ivy Path traversal"
},
{
"cve": "CVE-2022-38398",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155292"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38398"
},
{
"category": "external",
"summary": "RHBZ#2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1331",
"url": "https://issues.apache.org/jira/browse/BATIK-1331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx",
"url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38648",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155295"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38648"
},
{
"category": "external",
"summary": "RHBZ#2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1333",
"url": "https://issues.apache.org/jira/browse/BATIK-1333"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b",
"url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-38752",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "RHBZ#2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
},
{
"cve": "CVE-2022-39368",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don\u0027t clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "scandium: Failing DTLS handshakes may cause throttling to block processing of records",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39368"
},
{
"category": "external",
"summary": "RHBZ#2145205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39368"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39368"
},
{
"category": "external",
"summary": "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc",
"url": "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc"
}
],
"release_date": "2022-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "scandium: Failing DTLS handshakes may cause throttling to block processing of records"
},
{
"cve": "CVE-2022-40146",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155291"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery (SSRF) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40146"
},
{
"category": "external",
"summary": "RHBZ#2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1335",
"url": "https://issues.apache.org/jira/browse/BATIK-1335"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx",
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery (SSRF) vulnerability"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134288"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40156"
},
{
"category": "external",
"summary": "RHBZ#2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41704",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik.\u00a0This issue may allow a malicious user to run untrusted Java code from an SVG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41704"
},
{
"category": "external",
"summary": "RHBZ#2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG"
},
{
"cve": "CVE-2022-41852",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136128"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JXPath: untrusted XPath expressions may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41852"
},
{
"category": "external",
"summary": "RHBZ#2136128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JXPath: untrusted XPath expressions may lead to RCE attack"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-41881",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "RHBZ#2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182183"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Untrusted code execution in Apache XML Graphics Batik",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42890"
},
{
"category": "external",
"summary": "RHBZ#2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Untrusted code execution in Apache XML Graphics Batik"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20863",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2187742"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. Certain versions of Spring Framework\u0027s Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20863"
},
{
"category": "external",
"summary": "RHBZ#2187742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2023-20863",
"url": "https://spring.io/security/cve-2023-20863"
}
],
"release_date": "2023-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-22602",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Authentication bypass through a specially crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-22602"
},
{
"category": "external",
"summary": "RHBZ#2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-22602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602"
}
],
"release_date": "2023-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Authentication bypass through a specially crafted HTTP request"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
}
]
}
RHSA-2023:7065
Vulnerability from csaf_redhat - Published: 2023-11-14 15:32 - Updated: 2026-03-21 00:59Summary
Red Hat Security Advisory: tomcat security and bug fix update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:7065
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:7065
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:7065
Workaround
No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7065",
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2173874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173874"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2189676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189676"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7065.json"
}
],
"title": "Red Hat Security Advisory: tomcat security and bug fix update",
"tracking": {
"current_release_date": "2026-03-21T00:59:22+00:00",
"generator": {
"date": "2026-03-21T00:59:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:7065",
"initial_release_date": "2023-11-14T15:32:23+00:00",
"revision_history": [
{
"date": "2023-11-14T15:32:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-14T15:32:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T00:59:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.src",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.\n\npki-servlet-engine has been obsoleted in Red Hat Enterprise Linux 8.9 and later by Tomcat, so no additional fixes for the engine would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023_4910
Vulnerability from csaf_redhat - Published: 2023-09-04 12:24 - Updated: 2024-12-06 12:21Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Severity
Moderate
Notes
Topic: Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
4.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4910",
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=webserver\u0026version=5.7",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=webserver\u0026version=5.7"
},
{
"category": "external",
"summary": "2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4910.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update",
"tracking": {
"current_release_date": "2024-12-06T12:21:19+00:00",
"generator": {
"date": "2024-12-06T12:21:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2023:4910",
"initial_release_date": "2023-09-04T12:24:13+00:00",
"revision_history": [
{
"date": "2023-09-04T12:24:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-04T12:24:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T12:21:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JWS 5.7.4 release",
"product": {
"name": "JWS 5.7.4 release",
"product_id": "JWS 5.7.4 release",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24963",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: integer overflow/wraparound in apr_encode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24963"
},
{
"category": "external",
"summary": "RHBZ#2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
"url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: integer overflow/wraparound in apr_encode"
},
{
"cve": "CVE-2022-28331",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172556"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime, affecting versions \u003c= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Windows out-of-bounds write in apr_socket_sendv function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28331"
},
{
"category": "external",
"summary": "RHBZ#2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: Windows out-of-bounds write in apr_socket_sendv function"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"JWS 5.7.4 release"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023_4909
Vulnerability from csaf_redhat - Published: 2023-09-04 12:19 - Updated: 2024-12-06 12:21Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
6.5 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
4.3 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4909",
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4909.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update",
"tracking": {
"current_release_date": "2024-12-06T12:21:28+00:00",
"generator": {
"date": "2024-12-06T12:21:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2023:4909",
"initial_release_date": "2023-09-04T12:19:35+00:00",
"revision_history": [
{
"date": "2023-09-04T12:19:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-04T12:19:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T12:21:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.7 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.7 for RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el9jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.31-15.redhat_15.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.31-15.redhat_15.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el9jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.31-15.redhat_15.el9jws?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24963",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: integer overflow/wraparound in apr_encode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24963"
},
{
"category": "external",
"summary": "RHBZ#2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
"url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: integer overflow/wraparound in apr_encode"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023:4983
Vulnerability from csaf_redhat - Published: 2023-09-05 18:37 - Updated: 2026-05-01 16:24Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
5.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
Workaround
From the maintainer:
For Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of
SimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4983",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
},
{
"category": "external",
"summary": "2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "RHPAM-4639",
"url": "https://issues.redhat.com/browse/RHPAM-4639"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update",
"tracking": {
"current_release_date": "2026-05-01T16:24:31+00:00",
"generator": {
"date": "2026-05-01T16:24:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:4983",
"initial_release_date": "2023-09-05T18:37:03+00:00",
"revision_history": [
{
"date": "2023-09-05T18:37:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-05T18:37:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-01T16:24:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.4 async",
"product": {
"name": "RHPAM 7.13.4 async",
"product_id": "RHPAM 7.13.4 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981527"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30129"
},
{
"category": "external",
"summary": "RHBZ#1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-3171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2137645"
}
],
"notes": [
{
"category": "description",
"text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: timeout in parser leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3171"
},
{
"category": "external",
"summary": "RHBZ#2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
}
],
"release_date": "2022-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: timeout in parser leads to DoS"
},
{
"cve": "CVE-2022-3509",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: Textformat parsing issue leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3509"
},
{
"category": "external",
"summary": "RHBZ#2184161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
}
],
"release_date": "2022-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: Textformat parsing issue leads to DoS"
},
{
"cve": "CVE-2022-3510",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: Message-Type Extensions parsing issue leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3510"
},
{
"category": "external",
"summary": "RHBZ#2184176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
}
],
"release_date": "2022-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: Message-Type Extensions parsing issue leads to DoS"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-37599",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: regular expression denial of service in interpolateName.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37599"
},
{
"category": "external",
"summary": "RHBZ#2134872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/211",
"url": "https://github.com/webpack/loader-utils/issues/211"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"RHPAM 7.13.4 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: regular expression denial of service in interpolateName.js"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"RHPAM 7.13.4 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2023-0482",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166004"
}
],
"notes": [
{
"category": "description",
"text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: creation of insecure temp files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0482"
},
{
"category": "external",
"summary": "RHBZ#2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "RESTEasy: creation of insecure temp files"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20883"
},
{
"category": "external",
"summary": "RHBZ#2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
}
]
}
RHSA-2023_4983
Vulnerability from csaf_redhat - Published: 2023-09-05 18:37 - Updated: 2024-12-17 22:56Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
5.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
Workaround
From the maintainer:
For Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of
SimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4983
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4983",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
},
{
"category": "external",
"summary": "2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "RHPAM-4639",
"url": "https://issues.redhat.com/browse/RHPAM-4639"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update",
"tracking": {
"current_release_date": "2024-12-17T22:56:41+00:00",
"generator": {
"date": "2024-12-17T22:56:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:4983",
"initial_release_date": "2023-09-05T18:37:03+00:00",
"revision_history": [
{
"date": "2023-09-05T18:37:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-05T18:37:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:56:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.4 async",
"product": {
"name": "RHPAM 7.13.4 async",
"product_id": "RHPAM 7.13.4 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981527"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30129"
},
{
"category": "external",
"summary": "RHBZ#1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-3171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2137645"
}
],
"notes": [
{
"category": "description",
"text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: timeout in parser leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3171"
},
{
"category": "external",
"summary": "RHBZ#2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
}
],
"release_date": "2022-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: timeout in parser leads to DoS"
},
{
"cve": "CVE-2022-3509",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: Textformat parsing issue leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3509"
},
{
"category": "external",
"summary": "RHBZ#2184161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
}
],
"release_date": "2022-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: Textformat parsing issue leads to DoS"
},
{
"cve": "CVE-2022-3510",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: Message-Type Extensions parsing issue leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3510"
},
{
"category": "external",
"summary": "RHBZ#2184176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
}
],
"release_date": "2022-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: Message-Type Extensions parsing issue leads to DoS"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-37599",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: regular expression denial of service in interpolateName.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37599"
},
{
"category": "external",
"summary": "RHBZ#2134872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/211",
"url": "https://github.com/webpack/loader-utils/issues/211"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"RHPAM 7.13.4 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: regular expression denial of service in interpolateName.js"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"RHPAM 7.13.4 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2023-0482",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166004"
}
],
"notes": [
{
"category": "description",
"text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: creation of insecure temp files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0482"
},
{
"category": "external",
"summary": "RHBZ#2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "RESTEasy: creation of insecure temp files"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20883"
},
{
"category": "external",
"summary": "RHBZ#2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
}
]
}
RHSA-2023:4910
Vulnerability from csaf_redhat - Published: 2023-09-04 12:24 - Updated: 2026-03-21 00:59Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Severity
Moderate
Notes
Topic: Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
4.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4910
Workaround
No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4910",
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=webserver\u0026version=5.7",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=webserver\u0026version=5.7"
},
{
"category": "external",
"summary": "2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4910.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update",
"tracking": {
"current_release_date": "2026-03-21T00:59:20+00:00",
"generator": {
"date": "2026-03-21T00:59:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:4910",
"initial_release_date": "2023-09-04T12:24:13+00:00",
"revision_history": [
{
"date": "2023-09-04T12:24:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-04T12:24:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T00:59:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JWS 5.7.4 release",
"product": {
"name": "JWS 5.7.4 release",
"product_id": "JWS 5.7.4 release",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24963",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: integer overflow/wraparound in apr_encode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24963"
},
{
"category": "external",
"summary": "RHBZ#2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
"url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: integer overflow/wraparound in apr_encode"
},
{
"cve": "CVE-2022-28331",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172556"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime, affecting versions \u003c= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Windows out-of-bounds write in apr_socket_sendv function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28331"
},
{
"category": "external",
"summary": "RHBZ#2172556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r",
"url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: Windows out-of-bounds write in apr_socket_sendv function"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"JWS 5.7.4 release"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.\n\npki-servlet-engine has been obsoleted in Red Hat Enterprise Linux 8.9 and later by Tomcat, so no additional fixes for the engine would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 5.7.4 release"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:24:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"JWS 5.7.4 release"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"JWS 5.7.4 release"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 5.7.4 release"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023:4909
Vulnerability from csaf_redhat - Published: 2023-09-04 12:19 - Updated: 2026-03-21 00:59Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
6.5 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
4.3 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:4909
Workaround
No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4909",
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4909.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update",
"tracking": {
"current_release_date": "2026-03-21T00:59:18+00:00",
"generator": {
"date": "2026-03-21T00:59:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:4909",
"initial_release_date": "2023-09-04T12:19:35+00:00",
"revision_history": [
{
"date": "2023-09-04T12:19:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-04T12:19:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T00:59:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.7 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.7 for RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el9jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.62-15.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.62-15.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.62-15.redhat_00013.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.31-15.redhat_15.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.31-15.redhat_15.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.31-15.redhat_15.el9jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.31-15.redhat_15.el9jws?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 7 Server",
"product_id": "7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 8",
"product_id": "8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64 as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.7 for RHEL 9",
"product_id": "9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24963",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: integer overflow/wraparound in apr_encode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24963"
},
{
"category": "external",
"summary": "RHBZ#2169465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
"url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr: integer overflow/wraparound in apr_encode"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.\n\npki-servlet-engine has been obsoleted in Red Hat Enterprise Linux 8.9 and later by Tomcat, so no additional fixes for the engine would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"known_not_affected": [
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T12:19:35+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk11-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-java-jdk8-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.src",
"7Server-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el7jws.x86_64",
"7Server-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.src",
"8Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el8jws.x86_64",
"8Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-0:9.0.62-15.redhat_00013.1.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-admin-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-docs-webapp-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-el-3.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-javadoc-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-jsp-2.3-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-lib-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.src",
"9Base-JWS-5.7:jws5-tomcat-native-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-native-debuginfo-0:1.2.31-15.redhat_15.el9jws.x86_64",
"9Base-JWS-5.7:jws5-tomcat-selinux-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-servlet-4.0-api-0:9.0.62-15.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.7:jws5-tomcat-webapps-0:9.0.62-15.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023_2100
Vulnerability from csaf_redhat - Published: 2023-05-03 14:05 - Updated: 2024-12-17 22:55Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Severity
Important
Notes
Topic: Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)
* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)
* apache-ivy: Directory Traversal (CVE-2022-37865)
* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.
5.4 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data.
5.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
Workaround
By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).
In the example below, the property has been included as an argument to the Java command.
java -Dhsqldb.method_class_names="org.me.MyClass;org.you.YourClass;org.you.lib.*" [the rest of the command line]
The above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.
The user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.
Once the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.
In hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:2100
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2100",
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2136128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "2136207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136207"
},
{
"category": "external",
"summary": "2145205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145205"
},
{
"category": "external",
"summary": "2145264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145264"
},
{
"category": "external",
"summary": "2150011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150011"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "2169924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169924"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "2182188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182188"
},
{
"category": "external",
"summary": "2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2187742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update",
"tracking": {
"current_release_date": "2024-12-17T22:55:43+00:00",
"generator": {
"date": "2024-12-17T22:55:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:2100",
"initial_release_date": "2023-05-03T14:05:29+00:00",
"revision_history": [
{
"date": "2023-05-03T14:05:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-03T14:05:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:55:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Springboot 3.20.1",
"product": {
"name": "RHINT Camel-Springboot 3.20.1",
"product_id": "RHINT Camel-Springboot 3.20.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_spring_boot:3.20.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Net\u0027s FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-net: FTP client trusts the host from PASV response by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37533"
},
{
"category": "external",
"summary": "RHBZ#2169924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-net: FTP client trusts the host from PASV response by default"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-31777",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145264"
}
],
"notes": [
{
"category": "description",
"text": "A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-spark: XSS vulnerability in log viewer UI Javascript",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31777"
},
{
"category": "external",
"summary": "RHBZ#2145264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31777",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31777"
}
],
"release_date": "2022-11-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-spark: XSS vulnerability in log viewer UI Javascript"
},
{
"cve": "CVE-2022-33681",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client\u0027s authentication data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-33681"
},
{
"category": "external",
"summary": "RHBZ#2136207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-33681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33681"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM"
},
{
"cve": "CVE-2022-37865",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182188"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-ivy: Directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS states High according to NIST, due to the nature of this flaw, considering it\u0027s an optional attribute and there must be restrictions in other layers to prevent attacks, this flaw is taken as a Moderate following the Medium impact from Apache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37865"
},
{
"category": "external",
"summary": "RHBZ#2182188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37865"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy",
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
}
],
"release_date": "2022-11-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-ivy: Directory Traversal"
},
{
"cve": "CVE-2022-37866",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150011"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy\u0027s repository and overwrite artifacts that the user will use later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ivy: Ivy Path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37866"
},
{
"category": "external",
"summary": "RHBZ#2150011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150011"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37866"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ivy: Ivy Path traversal"
},
{
"cve": "CVE-2022-38398",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155292"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38398"
},
{
"category": "external",
"summary": "RHBZ#2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1331",
"url": "https://issues.apache.org/jira/browse/BATIK-1331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx",
"url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38648",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155295"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38648"
},
{
"category": "external",
"summary": "RHBZ#2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1333",
"url": "https://issues.apache.org/jira/browse/BATIK-1333"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b",
"url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-38752",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "RHBZ#2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
},
{
"cve": "CVE-2022-39368",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don\u0027t clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "scandium: Failing DTLS handshakes may cause throttling to block processing of records",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39368"
},
{
"category": "external",
"summary": "RHBZ#2145205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39368"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39368"
},
{
"category": "external",
"summary": "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc",
"url": "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc"
}
],
"release_date": "2022-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "scandium: Failing DTLS handshakes may cause throttling to block processing of records"
},
{
"cve": "CVE-2022-40146",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155291"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery (SSRF) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40146"
},
{
"category": "external",
"summary": "RHBZ#2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1335",
"url": "https://issues.apache.org/jira/browse/BATIK-1335"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx",
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery (SSRF) vulnerability"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134288"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40156"
},
{
"category": "external",
"summary": "RHBZ#2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41704",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik.\u00a0This issue may allow a malicious user to run untrusted Java code from an SVG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41704"
},
{
"category": "external",
"summary": "RHBZ#2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG"
},
{
"cve": "CVE-2022-41852",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136128"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JXPath: untrusted XPath expressions may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41852"
},
{
"category": "external",
"summary": "RHBZ#2136128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JXPath: untrusted XPath expressions may lead to RCE attack"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-41881",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "RHBZ#2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182183"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Untrusted code execution in Apache XML Graphics Batik",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42890"
},
{
"category": "external",
"summary": "RHBZ#2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Untrusted code execution in Apache XML Graphics Batik"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20863",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2187742"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. Certain versions of Spring Framework\u0027s Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20863"
},
{
"category": "external",
"summary": "RHBZ#2187742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2023-20863",
"url": "https://spring.io/security/cve-2023-20863"
}
],
"release_date": "2023-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-22602",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Authentication bypass through a specially crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-22602"
},
{
"category": "external",
"summary": "RHBZ#2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-22602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602"
}
],
"release_date": "2023-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Authentication bypass through a specially crafted HTTP request"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
}
]
}
RHSA-2023:6570
Vulnerability from csaf_redhat - Published: 2023-11-07 08:49 - Updated: 2026-03-21 00:59Summary
Red Hat Security Advisory: tomcat security and bug fix update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:6570
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:6570
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:6570
Workaround
No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6570",
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2173872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173872"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2184133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184133"
},
{
"category": "external",
"summary": "2189675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189675"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6570.json"
}
],
"title": "Red Hat Security Advisory: tomcat security and bug fix update",
"tracking": {
"current_release_date": "2026-03-21T00:59:21+00:00",
"generator": {
"date": "2026-03-21T00:59:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:6570",
"initial_release_date": "2023-11-07T08:49:34+00:00",
"revision_history": [
{
"date": "2023-11-07T08:49:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:49:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T00:59:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to cause a crash triggering a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.\n\npki-servlet-engine has been obsoleted in Red Hat Enterprise Linux 8.9 and later by Tomcat, so no additional fixes for the engine would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023_3299
Vulnerability from csaf_redhat - Published: 2023-05-24 17:13 - Updated: 2024-12-17 22:55Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* Jenkins: Denial of Service attack (CVE-2023-27900)
* Jenkins: Denial of Service attack (CVE-2023-27901)
* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
9.8 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
Workaround
This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:3299
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Jordy Versmissen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Denial of Service attack (CVE-2023-27900)\n\n* Jenkins: Denial of Service attack (CVE-2023-27901)\n\n* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3299",
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "2087606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2177630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177630"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2177638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177638"
},
{
"category": "external",
"summary": "2177646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177646"
},
{
"category": "external",
"summary": "2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "PITEAM-10",
"url": "https://issues.redhat.com/browse/PITEAM-10"
},
{
"category": "external",
"summary": "PITEAM-9",
"url": "https://issues.redhat.com/browse/PITEAM-9"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3299.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2024-12-17T22:55:52+00:00",
"generator": {
"date": "2024-12-17T22:55:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:3299",
"initial_release_date": "2023-05-24T17:13:53+00:00",
"revision_history": [
{
"date": "2023-05-24T17:13:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-24T17:13:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:55:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product_id": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.387.3.1684911776-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product_id": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.387.3.1684911776-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch"
},
"product_reference": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
},
"product_reference": "jenkins-0:2.387.3.1684911776-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7692",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-07-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856376"
}
],
"notes": [
{
"category": "description",
"text": "PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7692"
},
{
"category": "external",
"summary": "RHBZ#1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692"
}
],
"release_date": "2020-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization"
},
{
"acknowledgments": [
{
"names": [
"Jordy Versmissen"
]
}
],
"cve": "CVE-2021-4178",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034388"
}
],
"notes": [
{
"category": "description",
"text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes-client: Insecure deserialization in unmarshalYaml method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4178"
},
{
"category": "external",
"summary": "RHBZ#2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178"
}
],
"release_date": "2022-01-05T15:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes-client: Insecure deserialization in unmarshalYaml method"
},
{
"cve": "CVE-2021-46877",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46877"
},
{
"category": "external",
"summary": "RHBZ#2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877"
}
],
"release_date": "2023-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode"
},
{
"cve": "CVE-2022-22978",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-05-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Authorization Bypass in RegexRequestMatcher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22978"
},
{
"category": "external",
"summary": "RHBZ#2087606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978"
},
{
"category": "external",
"summary": "https://tanzu.vmware.com/security/cve-2022-22978",
"url": "https://tanzu.vmware.com/security/cve-2022-22978"
}
],
"release_date": "2022-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Authorization Bypass in RegexRequestMatcher"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2023-24422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24422"
},
{
"category": "external",
"summary": "RHBZ#2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016"
}
],
"release_date": "2023-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-25761",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170039"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25761"
},
{
"category": "external",
"summary": "RHBZ#2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin"
},
{
"cve": "CVE-2023-25762",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170041"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25762"
},
{
"category": "external",
"summary": "RHBZ#2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin"
},
{
"cve": "CVE-2023-27900",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Denial of Service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27900"
},
{
"category": "external",
"summary": "RHBZ#2177638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27900"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Denial of Service attack"
},
{
"cve": "CVE-2023-27901",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177646"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Denial of Service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27901"
},
{
"category": "external",
"summary": "RHBZ#2177646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27901"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Denial of Service attack"
},
{
"cve": "CVE-2023-27902",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Workspace temporary directories accessible through directory browser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27902"
},
{
"category": "external",
"summary": "RHBZ#2177630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27902"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Workspace temporary directories accessible through directory browser"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
}
]
}
RHSA-2023_7065
Vulnerability from csaf_redhat - Published: 2023-11-14 15:32 - Updated: 2024-12-06 12:21Summary
Red Hat Security Advisory: tomcat security and bug fix update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:7065
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:7065
Workaround
For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2023:7065
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7065",
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2173874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173874"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2189676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189676"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7065.json"
}
],
"title": "Red Hat Security Advisory: tomcat security and bug fix update",
"tracking": {
"current_release_date": "2024-12-06T12:21:47+00:00",
"generator": {
"date": "2024-12-06T12:21:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2023:7065",
"initial_release_date": "2023-11-14T15:32:23+00:00",
"revision_history": [
{
"date": "2023-11-14T15:32:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-14T15:32:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T12:21:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.src",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
SUSE-SU-2026:1058-1
Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash
(bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1058-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216182",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "self",
"summary": "SUSE Bug 1243895",
"url": "https://bugzilla.suse.com/1243895"
},
{
"category": "self",
"summary": "SUSE Bug 1246318",
"url": "https://bugzilla.suse.com/1246318"
},
{
"category": "self",
"summary": "SUSE Bug 1246389",
"url": "https://bugzilla.suse.com/1246389"
},
{
"category": "self",
"summary": "SUSE Bug 1258371",
"url": "https://bugzilla.suse.com/1258371"
},
{
"category": "self",
"summary": "SUSE Bug 1258385",
"url": "https://bugzilla.suse.com/1258385"
},
{
"category": "self",
"summary": "SUSE Bug 1259224",
"url": "https://bugzilla.suse.com/1259224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13934 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13935 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13943 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17527 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25329 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23181 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42252 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24549 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52434 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24733/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-03-26T09:46:45Z",
"generator": {
"date": "2026-03-26T09:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1058-1",
"initial_release_date": "2026-03-26T09:46:45Z",
"revision_history": [
{
"date": "2026-03-26T09:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-9.0.115-3.160.1.noarch",
"product_id": "tomcat-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13934"
}
],
"notes": [
{
"category": "general",
"text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13934",
"url": "https://www.suse.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "SUSE Bug 1174121 for CVE-2020-13934",
"url": "https://bugzilla.suse.com/1174121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13935"
}
],
"notes": [
{
"category": "general",
"text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13935",
"url": "https://www.suse.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "SUSE Bug 1174117 for CVE-2020-13935",
"url": "https://bugzilla.suse.com/1174117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13943"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13943",
"url": "https://www.suse.com/security/cve/CVE-2020-13943"
},
{
"category": "external",
"summary": "SUSE Bug 1177582 for CVE-2020-13943",
"url": "https://bugzilla.suse.com/1177582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-17527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17527"
}
],
"notes": [
{
"category": "general",
"text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17527",
"url": "https://www.suse.com/security/cve/CVE-2020-17527"
},
{
"category": "external",
"summary": "SUSE Bug 1179602 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1179602"
},
{
"category": "external",
"summary": "SUSE Bug 1180830 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1180830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-17527"
},
{
"cve": "CVE-2021-24122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24122"
}
],
"notes": [
{
"category": "general",
"text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24122",
"url": "https://www.suse.com/security/cve/CVE-2021-24122"
},
{
"category": "external",
"summary": "SUSE Bug 1180947 for CVE-2021-24122",
"url": "https://bugzilla.suse.com/1180947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25122"
}
],
"notes": [
{
"category": "general",
"text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25122",
"url": "https://www.suse.com/security/cve/CVE-2021-25122"
},
{
"category": "external",
"summary": "SUSE Bug 1182912 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1182912"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25329"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25329",
"url": "https://www.suse.com/security/cve/CVE-2021-25329"
},
{
"category": "external",
"summary": "SUSE Bug 1182909 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1182909"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30640",
"url": "https://www.suse.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "SUSE Bug 1188279 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1188279"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33037"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33037",
"url": "https://www.suse.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "SUSE Bug 1188278 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1188278"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41079"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41079",
"url": "https://www.suse.com/security/cve/CVE-2021-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1190558 for CVE-2021-41079",
"url": "https://bugzilla.suse.com/1190558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-43980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43980"
}
],
"notes": [
{
"category": "general",
"text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43980",
"url": "https://www.suse.com/security/cve/CVE-2021-43980"
},
{
"category": "external",
"summary": "SUSE Bug 1203868 for CVE-2021-43980",
"url": "https://bugzilla.suse.com/1203868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-23181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23181"
}
],
"notes": [
{
"category": "general",
"text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23181",
"url": "https://www.suse.com/security/cve/CVE-2022-23181"
},
{
"category": "external",
"summary": "SUSE Bug 1195255 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1195255"
},
{
"category": "external",
"summary": "SUSE Bug 1196395 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1196395"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-42252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42252"
}
],
"notes": [
{
"category": "general",
"text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42252",
"url": "https://www.suse.com/security/cve/CVE-2022-42252"
},
{
"category": "external",
"summary": "SUSE Bug 1204918 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1204918"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45468"
}
],
"notes": [
{
"category": "general",
"text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45468",
"url": "https://www.suse.com/security/cve/CVE-2023-45468"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2023-45468",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-45468"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21733"
}
],
"notes": [
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21733",
"url": "https://www.suse.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1219023 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1219023"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-21733"
},
{
"cve": "CVE-2024-23672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23672"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23672",
"url": "https://www.suse.com/security/cve/CVE-2024-23672"
},
{
"category": "external",
"summary": "SUSE Bug 1221385 for CVE-2024-23672",
"url": "https://bugzilla.suse.com/1221385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24549"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24549",
"url": "https://www.suse.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "SUSE Bug 1221386 for CVE-2024-24549",
"url": "https://bugzilla.suse.com/1221386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-34750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34750"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34750",
"url": "https://www.suse.com/security/cve/CVE-2024-34750"
},
{
"category": "external",
"summary": "SUSE Bug 1227399 for CVE-2024-34750",
"url": "https://bugzilla.suse.com/1227399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38286"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38286",
"url": "https://www.suse.com/security/cve/CVE-2024-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1230986 for CVE-2024-38286",
"url": "https://bugzilla.suse.com/1230986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52316"
}
],
"notes": [
{
"category": "general",
"text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52316",
"url": "https://www.suse.com/security/cve/CVE-2024-52316"
},
{
"category": "external",
"summary": "SUSE Bug 1233434 for CVE-2024-52316",
"url": "https://bugzilla.suse.com/1233434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "critical"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2025-24813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24813"
}
],
"notes": [
{
"category": "general",
"text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat\u0027s file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24813",
"url": "https://www.suse.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "SUSE Bug 1239302 for CVE-2025-24813",
"url": "https://bugzilla.suse.com/1239302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46701"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46701",
"url": "https://www.suse.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "SUSE Bug 1243815 for CVE-2025-46701",
"url": "https://bugzilla.suse.com/1243815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-48988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48988"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48988",
"url": "https://www.suse.com/security/cve/CVE-2025-48988"
},
{
"category": "external",
"summary": "SUSE Bug 1244656 for CVE-2025-48988",
"url": "https://bugzilla.suse.com/1244656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48988"
},
{
"cve": "CVE-2025-48989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48989"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48989",
"url": "https://www.suse.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1243895 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49125"
}
],
"notes": [
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49125",
"url": "https://www.suse.com/security/cve/CVE-2025-49125"
},
{
"category": "external",
"summary": "SUSE Bug 1244649 for CVE-2025-49125",
"url": "https://bugzilla.suse.com/1244649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-49125"
},
{
"cve": "CVE-2025-52434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52434"
}
],
"notes": [
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52434",
"url": "https://www.suse.com/security/cve/CVE-2025-52434"
},
{
"category": "external",
"summary": "SUSE Bug 1246389 for CVE-2025-52434",
"url": "https://bugzilla.suse.com/1246389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52520"
}
],
"notes": [
{
"category": "general",
"text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52520",
"url": "https://www.suse.com/security/cve/CVE-2025-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1246388 for CVE-2025-52520",
"url": "https://bugzilla.suse.com/1246388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53506"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53506",
"url": "https://www.suse.com/security/cve/CVE-2025-53506"
},
{
"category": "external",
"summary": "SUSE Bug 1246318 for CVE-2025-53506",
"url": "https://bugzilla.suse.com/1246318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66614"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66614",
"url": "https://www.suse.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "SUSE Bug 1258371 for CVE-2025-66614",
"url": "https://bugzilla.suse.com/1258371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2026-24733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24733"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24733",
"url": "https://www.suse.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "SUSE Bug 1258385 for CVE-2026-24733",
"url": "https://bugzilla.suse.com/1258385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2026-24733"
}
]
}
SUSE-SU-2023:0758-1
Vulnerability from csaf_suse - Published: 2023-03-16 10:34 - Updated: 2023-03-16 10:34Summary
Security update for jakarta-commons-fileupload
Severity
Important
Notes
Title of the patch: Security update for jakarta-commons-fileupload
Description of the patch: This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-758,SUSE-OpenStack-Cloud-9-2023-758,SUSE-OpenStack-Cloud-Crowbar-9-2023-758,SUSE-SLE-SAP-12-SP4-2023-758,SUSE-SLE-SERVER-12-SP2-BCL-2023-758,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-758,SUSE-SLE-SERVER-12-SP4-LTSS-2023-758,SUSE-SLE-SERVER-12-SP5-2023-758
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jakarta-commons-fileupload",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jakarta-commons-fileupload fixes the following issues:\n\n- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). \n- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-758,SUSE-OpenStack-Cloud-9-2023-758,SUSE-OpenStack-Cloud-Crowbar-9-2023-758,SUSE-SLE-SAP-12-SP4-2023-758,SUSE-SLE-SERVER-12-SP2-BCL-2023-758,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-758,SUSE-SLE-SERVER-12-SP4-LTSS-2023-758,SUSE-SLE-SERVER-12-SP5-2023-758",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0758-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0758-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230758-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0758-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014070.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 986359",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for jakarta-commons-fileupload",
"tracking": {
"current_release_date": "2023-03-16T10:34:45Z",
"generator": {
"date": "2023-03-16T10:34:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0758-1",
"initial_release_date": "2023-03-16T10:34:45Z",
"revision_history": [
{
"date": "2023-03-16T10:34:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"product_id": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
}
},
{
"category": "product_version",
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"product_id": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-espos:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3092"
}
],
"notes": [
{
"category": "general",
"text": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3092",
"url": "https://www.suse.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "SUSE Bug 1068865 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/1068865"
},
{
"category": "external",
"summary": "SUSE Bug 986359 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T10:34:45Z",
"details": "important"
}
],
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T10:34:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0696-1
Vulnerability from csaf_suse - Published: 2023-03-10 08:40 - Updated: 2023-03-10 08:40Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-696,SUSE-OpenStack-Cloud-9-2023-696,SUSE-OpenStack-Cloud-Crowbar-9-2023-696,SUSE-SLE-SAP-12-SP4-2023-696,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-696,SUSE-SLE-SERVER-12-SP4-LTSS-2023-696,SUSE-SLE-SERVER-12-SP5-2023-696
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-696,SUSE-OpenStack-Cloud-9-2023-696,SUSE-OpenStack-Cloud-Crowbar-9-2023-696,SUSE-SLE-SAP-12-SP4-2023-696,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-696,SUSE-SLE-SERVER-12-SP4-LTSS-2023-696,SUSE-SLE-SERVER-12-SP5-2023-696",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0696-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0696-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230696-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0696-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014018.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-03-10T08:40:20Z",
"generator": {
"date": "2023-03-10T08:40:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0696-1",
"initial_release_date": "2023-03-10T08:40:20Z",
"revision_history": [
{
"date": "2023-03-10T08:40:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-9.0.36-3.99.1.noarch",
"product_id": "tomcat-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.99.1.noarch",
"product_id": "tomcat-embed-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.99.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch",
"product_id": "tomcat-lib-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch",
"product_id": "tomcat-webapps-9.0.36-3.99.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-espos:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-10T08:40:20Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0695-1
Vulnerability from csaf_suse - Published: 2023-03-10 08:39 - Updated: 2023-03-10 08:39Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-695,SUSE-SLE-SERVER-12-SP2-BCL-2023-695
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-695,SUSE-SLE-SERVER-12-SP2-BCL-2023-695",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0695-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0695-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230695-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0695-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014019.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-03-10T08:39:56Z",
"generator": {
"date": "2023-03-10T08:39:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0695-1",
"initial_release_date": "2023-03-10T08:39:56Z",
"revision_history": [
{
"date": "2023-03-10T08:39:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-8.0.53-29.63.1.noarch",
"product_id": "tomcat-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"product_id": "tomcat-admin-webapps-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"product_id": "tomcat-docs-webapp-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"product_id": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-embed-8.0.53-29.63.1.noarch",
"product_id": "tomcat-embed-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-javadoc-8.0.53-29.63.1.noarch",
"product_id": "tomcat-javadoc-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"product_id": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-jsvc-8.0.53-29.63.1.noarch",
"product_id": "tomcat-jsvc-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-lib-8.0.53-29.63.1.noarch",
"product_id": "tomcat-lib-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"product_id": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-webapps-8.0.53-29.63.1.noarch",
"product_id": "tomcat-webapps-8.0.53-29.63.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-10T08:39:56Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:2390-1
Vulnerability from csaf_suse - Published: 2023-06-06 06:27 - Updated: 2023-06-06 06:27Summary
Security update for apache-commons-fileupload
Severity
Important
Notes
Title of the patch: Security update for apache-commons-fileupload
Description of the patch: This update for apache-commons-fileupload fixes the following issues:
Updated to version 1.5:
- CVE-2023-24998: Added a configurable maximum number of files to
upload per request (bsc#1208513).
Patchnames: SUSE-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2390,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2390,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2390,SUSE-Storage-7-2023-2390,SUSE-Storage-7.1-2023-2390,openSUSE-SLE-15.4-2023-2390,openSUSE-SLE-15.5-2023-2390
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache-commons-fileupload",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache-commons-fileupload fixes the following issues:\n\nUpdated to version 1.5:\n- CVE-2023-24998: Added a configurable maximum number of files to\n upload per request (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2390,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2390,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2390,SUSE-Storage-7-2023-2390,SUSE-Storage-7.1-2023-2390,openSUSE-SLE-15.4-2023-2390,openSUSE-SLE-15.5-2023-2390",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2390-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2390-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232390-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2390-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-June/029737.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for apache-commons-fileupload",
"tracking": {
"current_release_date": "2023-06-06T06:27:47Z",
"generator": {
"date": "2023-06-06T06:27:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2390-1",
"initial_release_date": "2023-06-06T06:27:47Z",
"revision_history": [
{
"date": "2023-06-06T06:27:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"product": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"product_id": "apache-commons-fileupload-1.5-150200.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"product": {
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"product_id": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-06T06:27:47Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:1769-1
Vulnerability from csaf_suse - Published: 2023-04-05 09:07 - Updated: 2023-04-05 09:07Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
- CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-1769,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769,SUSE-Storage-7-2023-1769,SUSE-Storage-7.1-2023-1769,openSUSE-SLE-15.4-2023-1769
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).\n- CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-1769,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769,SUSE-Storage-7-2023-1769,SUSE-Storage-7.1-2023-1769,openSUSE-SLE-15.4-2023-1769",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1769-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:1769-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20231769-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:1769-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-April/028652.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 1209622",
"url": "https://bugzilla.suse.com/1209622"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-04-05T09:07:57Z",
"generator": {
"date": "2023-04-05T09:07:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:1769-1",
"initial_release_date": "2023-04-05T09:07:57Z",
"revision_history": [
{
"date": "2023-04-05T09:07:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-embed-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-embed-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-javadoc-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-jsvc-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-lib-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-webapps-9.0.43-150200.35.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-embed-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-04-05T09:07:57Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-04-05T09:07:57Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
}
]
}
SUSE-SU-2023:2505-1
Vulnerability from csaf_suse - Published: 2023-06-13 15:42 - Updated: 2023-06-13 15:42Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Updated to version 9.0.75:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608).
Patchnames: SUSE-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2505,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2505,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2505,SUSE-Storage-7-2023-2505,SUSE-Storage-7.1-2023-2505,openSUSE-SLE-15.4-2023-2505,openSUSE-SLE-15.5-2023-2505
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdated to version 9.0.75:\n- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2505,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2505,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2505,SUSE-Storage-7-2023-2505,SUSE-Storage-7.1-2023-2505,openSUSE-SLE-15.4-2023-2505,openSUSE-SLE-15.5-2023-2505",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2505-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2505-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232505-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2505-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015174.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 1211608",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-06-13T15:42:43Z",
"generator": {
"date": "2023-06-13T15:42:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2505-1",
"initial_release_date": "2023-06-13T15:42:43Z",
"revision_history": [
{
"date": "2023-06-13T15:42:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-embed-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-embed-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-javadoc-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-jsvc-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-lib-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-webapps-9.0.75-150200.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-embed-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-embed-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-13T15:42:43Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-13T15:42:43Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
}
]
}
SUSE-SU-2023:0730-1
Vulnerability from csaf_suse - Published: 2023-03-14 15:59 - Updated: 2023-03-14 15:59Summary
Security update for jakarta-commons-fileupload
Severity
Important
Notes
Title of the patch: Security update for jakarta-commons-fileupload
Description of the patch: This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-730,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-730,openSUSE-SLE-15.4-2023-730
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jakarta-commons-fileupload",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jakarta-commons-fileupload fixes the following issues:\n\n- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). \n- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-730,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-730,openSUSE-SLE-15.4-2023-730",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0730-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0730-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230730-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0730-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014040.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 986359",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for jakarta-commons-fileupload",
"tracking": {
"current_release_date": "2023-03-14T15:59:49Z",
"generator": {
"date": "2023-03-14T15:59:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0730-1",
"initial_release_date": "2023-03-14T15:59:49Z",
"revision_history": [
{
"date": "2023-03-14T15:59:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"product_id": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
}
},
{
"category": "product_version",
"name": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch",
"product_id": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3092"
}
],
"notes": [
{
"category": "general",
"text": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3092",
"url": "https://www.suse.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "SUSE Bug 1068865 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/1068865"
},
{
"category": "external",
"summary": "SUSE Bug 986359 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-14T15:59:49Z",
"details": "important"
}
],
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-14T15:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0697-1
Vulnerability from csaf_suse - Published: 2023-03-10 08:41 - Updated: 2023-03-10 08:41Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-697,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-697
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-697,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-697",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0697-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0697-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230697-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0697-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014017.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-03-10T08:41:01Z",
"generator": {
"date": "2023-03-10T08:41:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0697-1",
"initial_release_date": "2023-03-10T08:41:01Z",
"revision_history": [
{
"date": "2023-03-10T08:41:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-embed-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-lib-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-webapps-9.0.36-150100.4.87.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-10T08:41:01Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
WID-SEC-W-2024-0890
Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-04-16 22:00Summary
Oracle Supply Chain: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Oracle Supply Chain ist eine Sammlung von Applikationen für verschiedene Zwecke.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Oracle Supply Chain ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Oracle Supply Chain ist eine Sammlung von Applikationen f\u00fcr verschiedene Zwecke.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Supply Chain ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0890 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0890.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0890 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0890"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Supply Chain vom 2024-04-16",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixSCP"
}
],
"source_lang": "en-US",
"title": "Oracle Supply Chain: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-04-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:07:45.716+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0890",
"initial_release_date": "2024-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.3.6",
"product": {
"name": "Oracle Supply Chain 9.3.6",
"product_id": "T019052",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:supply_chain:9.3.6"
}
}
},
{
"category": "product_version",
"name": "6.2.4.2",
"product": {
"name": "Oracle Supply Chain 6.2.4.2",
"product_id": "T032129",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:supply_chain:6.2.4.2"
}
}
},
{
"category": "product_version",
"name": "6.5.2",
"product": {
"name": "Oracle Supply Chain 6.5.2",
"product_id": "T034190",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:supply_chain:6.5.2"
}
}
},
{
"category": "product_version",
"name": "6.5.3",
"product": {
"name": "Oracle Supply Chain 6.5.3",
"product_id": "T034191",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:supply_chain:6.5.3"
}
}
}
],
"category": "product_name",
"name": "Supply Chain"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T034190",
"T032129",
"T034191",
"T019052"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T034190",
"T032129",
"T034191",
"T019052"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-42503",
"notes": [
{
"category": "description",
"text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T034190",
"T032129",
"T034191",
"T019052"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-42503"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T034190",
"T032129",
"T034191",
"T019052"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21091",
"notes": [
{
"category": "description",
"text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T034190",
"T032129",
"T034191",
"T019052"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21091"
},
{
"cve": "CVE-2024-21092",
"notes": [
{
"category": "description",
"text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T034190",
"T032129",
"T034191",
"T019052"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21092"
}
]
}
WID-SEC-W-2023-1808
Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-07-18 22:00Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1808 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1808.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1808 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1808"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Financial Services Applications vom 2023-07-18",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixIFLX"
}
],
"source_lang": "en-US",
"title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:51.752+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1808",
"initial_release_date": "2023-07-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.0",
"product_id": "T018983",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications \u003c= 14.3",
"product": {
"name": "Oracle Financial Services Applications \u003c= 14.3",
"product_id": "T019887",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.1",
"product_id": "T019891",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.7",
"product": {
"name": "Oracle Financial Services Applications 8.0.7",
"product_id": "T021676",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.8",
"product_id": "T021677",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.1.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.1",
"product_id": "T022835",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.1",
"product_id": "T022844",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.0.8.2",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.2",
"product_id": "T024990",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications \u003c= 14.7",
"product": {
"name": "Oracle Financial Services Applications \u003c= 14.7",
"product_id": "T027348",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.4",
"product_id": "T027351",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.6",
"product": {
"name": "Oracle Financial Services Applications 14.6",
"product_id": "T027355",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.6"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 18.2.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 18.2.0.0.0",
"product_id": "T028691",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:18.2.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 18.3.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 18.3.0.0.0",
"product_id": "T028692",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:18.3.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 19.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 19.1.0.0.0",
"product_id": "T028693",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:19.1.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 19.2.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 19.2.0.0.0",
"product_id": "T028694",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:19.2.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 21.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 21.1.0.0.0",
"product_id": "T028695",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 22.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 22.1.0.0.0",
"product_id": "T028696",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 22.2.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 22.2.0.0.0",
"product_id": "T028697",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.7.0.2.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0.2.0",
"product_id": "T028698",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.7.1.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.1.0.0",
"product_id": "T028699",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.5.0.8.0",
"product": {
"name": "Oracle Financial Services Applications 14.5.0.8.0",
"product_id": "T028700",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.5.0.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.6.0.4.0",
"product": {
"name": "Oracle Financial Services Applications 14.6.0.4.0",
"product_id": "T028701",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.7.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0.0.0",
"product_id": "T028702",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.6.0.3.0",
"product": {
"name": "Oracle Financial Services Applications 14.6.0.3.0",
"product_id": "T028703",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.7.0.1.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0.1.0",
"product_id": "T028704",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.1.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2",
"product": {
"name": "Oracle Financial Services Applications 8.1.2",
"product_id": "T028705",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 8.1.2.5",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.5",
"product_id": "T028706",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
}
}
},
{
"category": "product_name",
"name": "Oracle Financial Services Applications 14.7.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0",
"product_id": "T028707",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0"
}
}
}
],
"category": "product_name",
"name": "Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28708",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28439",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-28439"
},
{
"cve": "CVE-2023-25194",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-25194"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-20863",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-20861",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-1436",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2022-48285",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-48285"
},
{
"cve": "CVE-2022-46364",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-46364"
},
{
"cve": "CVE-2022-45693",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2022-45199",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45199"
},
{
"cve": "CVE-2022-45143",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45143"
},
{
"cve": "CVE-2022-45047",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-41966",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-41881",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-33879",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-33879"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-31692",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-31692"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-2048",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-2048"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2020-13936",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T027351",
"T019891",
"T021677",
"T022844",
"T018983",
"T021676",
"T028707",
"T028705",
"T028706",
"T028703",
"T028704",
"T028701",
"T028702",
"T028700",
"T027355",
"T028693",
"T028694",
"T028691",
"T028692",
"T022835",
"T028699",
"T028697",
"T028698",
"T028695",
"T024990",
"T028696"
],
"last_affected": [
"T019887",
"T027348"
]
},
"release_date": "2023-07-18T22:00:00.000+00:00",
"title": "CVE-2020-13936"
}
]
}
WID-SEC-W-2023-2309
Vulnerability from csaf_certbund - Published: 2023-09-11 22:00 - Updated: 2023-09-11 22:00Summary
SAP Patchday September 2023
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen zählen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabeprüfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2309 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2309.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2309 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2309"
},
{
"category": "external",
"summary": "SAP Patchday September 2023 vom 2023-09-12",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2023",
"tracking": {
"current_release_date": "2023-09-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:15.189+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2309",
"initial_release_date": "2023-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42472",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-42472"
},
{
"cve": "CVE-2023-41369",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41369"
},
{
"cve": "CVE-2023-41368",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41368"
},
{
"cve": "CVE-2023-41367",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41367"
},
{
"cve": "CVE-2023-40625",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40625"
},
{
"cve": "CVE-2023-40624",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40624"
},
{
"cve": "CVE-2023-40623",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40623"
},
{
"cve": "CVE-2023-40622",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40622"
},
{
"cve": "CVE-2023-40621",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40621"
},
{
"cve": "CVE-2023-40309",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40309"
},
{
"cve": "CVE-2023-40308",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40308"
},
{
"cve": "CVE-2023-40306",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40306"
},
{
"cve": "CVE-2023-37489",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-37489"
},
{
"cve": "CVE-2023-25616",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-25616"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-41272",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2022-41272"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
WID-SEC-W-2023-1005
Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00Summary
Oracle REST Data Services: Schwachstelle gefährdet Verfügbarkeit
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle REST Data Services (ORDS) ermöglicht die Erstellung grundlegender RESTful Web Services unter Verwendung von PL/SQL.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Oracle REST Data Services ausnutzen, um die Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In Oracle REST Data Services existiert eine Schwachstelle. Durch Ausnutzung dieser Schwachstelle kann ein entfernter, authentisierter Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstelle ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu dieser Schwachstelle (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert ist hier "HIGH" für "Availability" und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle REST Data Services (ORDS) erm\u00f6glicht die Erstellung grundlegender RESTful Web Services unter Verwendung von PL/SQL.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Oracle REST Data Services ausnutzen, um die Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1005 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1005.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1005 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1005"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle REST Data Services vom 2023-04-18",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixREST"
}
],
"source_lang": "en-US",
"title": "Oracle REST Data Services: Schwachstelle gef\u00e4hrdet Verf\u00fcgbarkeit",
"tracking": {
"current_release_date": "2023-04-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:49:09.148+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1005",
"initial_release_date": "2023-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle REST Data Services \u003c 23.1.0",
"product": {
"name": "Oracle REST Data Services \u003c 23.1.0",
"product_id": "T027320",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:rest_data_services:23.1.0"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle REST Data Services existiert eine Schwachstelle. Durch Ausnutzung dieser Schwachstelle kann ein entfernter, authentisierter Angreifer die Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstelle ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu dieser Schwachstelle (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert ist hier \"HIGH\" f\u00fcr \"Availability\" und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
}
]
}
WID-SEC-W-2026-0915
Vulnerability from csaf_certbund - Published: 2026-03-30 22:00 - Updated: 2026-04-15 22:00Summary
Kyocera Drucker: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Kyocera ist ein Hersteller u.a. von Druckern.
Angriff: Ein Angreifer aus dem lokalen Netzwerk kann mehrere Schwachstellen in verschiedenen Modellen der Kyocera ECOSYS und TASKalfa Produktfamilien ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Hardware Appliance
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Kyocera ist ein Hersteller u.a. von Druckern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem lokalen Netzwerk kann mehrere Schwachstellen in verschiedenen Modellen der Kyocera ECOSYS und TASKalfa Produktfamilien ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0915 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0915.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0915 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0915"
},
{
"category": "external",
"summary": "Kyocera-Sicherheitshinweise",
"url": "https://www.kyoceradocumentsolutions.de/de/support/sicherheitsluecken.html"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2013-0248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0248"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2014-0050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2015-8126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8126"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2015-8472",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8472"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-1000031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000031"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-3751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3751"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-9842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2017-12652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-37434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-40303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40303"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-40304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2023-29469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2024-20952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20952"
}
],
"source_lang": "en-US",
"title": "Kyocera Drucker: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-15T22:00:00.000+00:00",
"generator": {
"date": "2026-04-16T05:54:14.267+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0915",
"initial_release_date": "2026-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "2",
"summary": "Anpassung CVSS"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "3",
"summary": "Erg\u00e4nzung von Kyocera bereitgestellter Informationen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "TASKalfa",
"product": {
"name": "Kyocera Printer TASKalfa",
"product_id": "T029668",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:taskalfa"
}
}
},
{
"category": "product_version",
"name": "ECOSYS",
"product": {
"name": "Kyocera Printer ECOSYS",
"product_id": "T029669",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:ecosys"
}
}
}
],
"category": "product_name",
"name": "Printer"
}
],
"category": "vendor",
"name": "Kyocera"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0248",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2013-0248"
},
{
"cve": "CVE-2014-0050",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2014-0050"
},
{
"cve": "CVE-2015-8126",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2015-8126"
},
{
"cve": "CVE-2015-8472",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2015-8472"
},
{
"cve": "CVE-2016-1000031",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-1000031"
},
{
"cve": "CVE-2016-3092",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-3751",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-3751"
},
{
"cve": "CVE-2016-9842",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-9842"
},
{
"cve": "CVE-2017-12652",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2017-12652"
},
{
"cve": "CVE-2022-37434",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-40303",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29469",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2024-20952",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2024-20952"
}
]
}
WID-SEC-W-2023-0433
Vulnerability from csaf_certbund - Published: 2023-02-20 23:00 - Updated: 2025-10-29 23:00Summary
Apache Commons und Apache Tomcat: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons und Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.\r\nApache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons und Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0433 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0433.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0433 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0433"
},
{
"category": "external",
"summary": "Github Advisory Database vom 2023-02-20",
"url": "https://github.com/advisories/GHSA-hfrx-6qgj-fp6c"
},
{
"category": "external",
"summary": "Seclists.org vom 2023-02-20",
"url": "https://seclists.org/oss-sec/2023/q1/107"
},
{
"category": "external",
"summary": "Seclists.org vom 2023-02-20",
"url": "https://seclists.org/oss-sec/2023/q1/108"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0696-1 vom 2023-03-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014018.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0695-1 vom 2023-03-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0697-1 vom 2023-03-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0730-1 vom 2023-03-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014040.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0758-1 vom 2023-03-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014070.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6964742 vom 2023-03-21",
"url": "https://www.ibm.com/support/pages/node/6964742"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:1769-1 vom 2023-04-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014386.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6982047 vom 2023-04-07",
"url": "https://www.ibm.com/support/pages/node/6982047"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6982881 vom 2023-04-12",
"url": "https://www.ibm.com/support/pages/node/6982881"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6983456 vom 2023-04-13",
"url": "https://www.ibm.com/support/pages/node/6983456"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6983486 vom 2023-04-13",
"url": "https://www.ibm.com/support/pages/node/6983486"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6984945 vom 2023-04-20",
"url": "https://www.ibm.com/support/pages/node/6984945"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6984965 vom 2023-04-20",
"url": "https://www.ibm.com/support/pages/node/6984965"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6985555 vom 2023-04-24",
"url": "https://www.ibm.com/support/pages/node/6985555"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6987131 vom 2023-04-29",
"url": "https://www.ibm.com/support/pages/node/6987131"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6987355 vom 2023-04-30",
"url": "https://www.ibm.com/support/pages/node/6987355"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1738 vom 2023-05-04",
"url": "https://alas.aws.amazon.com/ALAS-2023-1738.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6988523 vom 2023-05-06",
"url": "https://www.ibm.com/support/pages/node/6988523"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6989653 vom 2023-05-11",
"url": "https://www.ibm.com/support/pages/node/6989653"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202305-37 vom 2023-05-30",
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6999301 vom 2023-05-30",
"url": "https://www.ibm.com/support/pages/node/6999301"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2319-1 vom 2023-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/015019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2318-1 vom 2023-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/015020.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K000133052 vom 2023-06-01",
"url": "https://my.f5.com/manage/s/article/K000133052"
},
{
"category": "external",
"summary": "Extreme Security Advisory",
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000110106"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7001009 vom 2023-06-02",
"url": "https://www.ibm.com/support/pages/node/7001009"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2390-1 vom 2023-06-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015091.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2504-1 vom 2023-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015175.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2505-1 vom 2023-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015174.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7004187 vom 2023-06-15",
"url": "https://www.ibm.com/support/pages/node/7004187"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7005499 vom 2023-06-20",
"url": "https://www.ibm.com/support/pages/node/7005499"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7005589 vom 2023-06-21",
"url": "https://www.ibm.com/support/pages/node/7005589"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7005851 vom 2023-06-21",
"url": "https://www.ibm.com/support/pages/node/7005851"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7006099 vom 2023-06-23",
"url": "https://www.ibm.com/support/pages/node/7006099"
},
{
"category": "external",
"summary": "F5 Security Advisory K000135262 vom 2023-06-29",
"url": "https://my.f5.com/manage/s/article/K000135262"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7007743 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7007743"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7007425 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7007425"
},
{
"category": "external",
"summary": "Security Update for Dell Networker",
"url": "https://www.dell.com/support/kbdoc/de-de/000215494/dsa-2023-172-security-update-for-dell-networker-apache-tomcat"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7010099 vom 2023-07-06",
"url": "https://www.ibm.com/support/pages/node/7010099"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7006449 vom 2023-07-07",
"url": "https://www.ibm.com/support/pages/node/7006449"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-127 vom 2023-07-18",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-127/index.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1779 vom 2023-07-20",
"url": "https://alas.aws.amazon.com/ALAS-2023-1779.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7014915 vom 2023-08-01",
"url": "https://www.ibm.com/support/pages/node/7014915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4910 vom 2023-09-04",
"url": "https://access.redhat.com/errata/RHSA-2023:4910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4909 vom 2023-09-04",
"url": "https://access.redhat.com/errata/RHSA-2023:4909"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7027925 vom 2023-09-08",
"url": "https://www.ibm.com/support/pages/node/7027925"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2023-008 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-008.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2023-001 vom 2023-09-28",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-001.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-013 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-013.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-001 vom 2023-09-28",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-001.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5522 vom 2023-10-11",
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3617 vom 2023-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1861 vom 2023-10-25",
"url": "https://alas.aws.amazon.com/ALAS-2023-1861.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7063721 vom 2023-10-31",
"url": "https://www.ibm.com/support/pages/node/7063721"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6570 vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7065 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "external",
"summary": "Extreme Portal Security Advisory",
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000110106"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7100942 vom 2023-12-20",
"url": "https://www.ibm.com/support/pages/node/7100942"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7105533 vom 2024-01-06",
"url": "https://www.ibm.com/support/pages/node/7105533"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2517 vom 2024-04-18",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2517.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7168816 vom 2024-09-18",
"url": "https://www.ibm.com/support/pages/node/7168816"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4245 vom 2025-07-22",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20230302-0013 vom 2025-10-29",
"url": "https://security.netapp.com/advisory/NTAP-20230302-0013"
}
],
"source_lang": "en-US",
"title": "Apache Commons und Apache Tomcat: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-10-29T23:00:00.000+00:00",
"generator": {
"date": "2025-10-30T08:13:41.395+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-0433",
"initial_release_date": "2023-02-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-02-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-03-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-03-16T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-03-20T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-05T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-04-10T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-11T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-12T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-19T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-01T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-05-04T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-07T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-11T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-29T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-05-30T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM und SUSE aufgenommen"
},
{
"date": "2023-06-01T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2023-06-04T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-05T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-06-13T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-06-14T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-20T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-21T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-22T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von F5 und IBM aufgenommen"
},
{
"date": "2023-07-04T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2023-07-06T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-07-17T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-07-18T22:00:00.000+00:00",
"number": "31",
"summary": "Produkte erg\u00e4nzt"
},
{
"date": "2023-07-19T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-07-31T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-09-04T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-10T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-15T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-29T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von ExtremeNetworks aufgenommen"
},
{
"date": "2023-12-20T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-07T23:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-17T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-10-29T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von NetApp aufgenommen"
}
],
"status": "final",
"version": "49"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "FileUpload \u003c1.5",
"product": {
"name": "Apache Commons FileUpload \u003c1.5",
"product_id": "T026439"
}
},
{
"category": "product_version",
"name": "FileUpload 1.5",
"product": {
"name": "Apache Commons FileUpload 1.5",
"product_id": "T026439-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:commons:fileupload__1.5"
}
}
}
],
"category": "product_name",
"name": "Commons"
},
{
"category": "product_name",
"name": "Apache Tomcat",
"product": {
"name": "Apache Tomcat",
"product_id": "643",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:-"
}
}
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.9.0.1",
"product": {
"name": "Dell NetWorker \u003c19.9.0.1",
"product_id": "T028404"
}
},
{
"category": "product_version",
"name": "19.9.0.1",
"product": {
"name": "Dell NetWorker 19.9.0.1",
"product_id": "T028404-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.9.0.1"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Extreme Networks Extreme Management Center",
"product": {
"name": "Extreme Networks Extreme Management Center",
"product_id": "T027943",
"product_identification_helper": {
"cpe": "cpe:/a:extremenetworks:netsight:-"
}
}
},
{
"category": "product_name",
"name": "Extreme Networks Extreme Management Center",
"product": {
"name": "Extreme Networks Extreme Management Center",
"product_id": "T030183",
"product_identification_helper": {
"cpe": "cpe:/a:extremenetworks:netsight:-"
}
}
}
],
"category": "product_name",
"name": "Extreme Management Center"
}
],
"category": "vendor",
"name": "Extreme Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T010951",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "21.0.2",
"product": {
"name": "IBM Business Automation Workflow 21.0.2",
"product_id": "1055431",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:21.0.2"
}
}
},
{
"category": "product_version",
"name": "21.0.3",
"product": {
"name": "IBM Business Automation Workflow 21.0.3",
"product_id": "1150328",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3"
}
}
},
{
"category": "product_version",
"name": "22.0.1",
"product": {
"name": "IBM Business Automation Workflow 22.0.1",
"product_id": "1268578",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.1"
}
}
},
{
"category": "product_version",
"name": "18.0.0.0",
"product": {
"name": "IBM Business Automation Workflow 18.0.0.0",
"product_id": "389078",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.0"
}
}
},
{
"category": "product_version",
"name": "18.0.0.1",
"product": {
"name": "IBM Business Automation Workflow 18.0.0.1",
"product_id": "389079",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.1"
}
}
},
{
"category": "product_version",
"name": "18.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 18.0.0.2",
"product_id": "428468",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
}
}
},
{
"category": "product_version",
"name": "19.0.0.1",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.1",
"product_id": "433292",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.1"
}
}
},
{
"category": "product_version",
"name": "19.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.2",
"product_id": "672243",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.2"
}
}
},
{
"category": "product_version",
"name": "19.0.0.3",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.3",
"product_id": "672244",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
}
}
},
{
"category": "product_version",
"name": "20.0.0.1",
"product": {
"name": "IBM Business Automation Workflow 20.0.0.1",
"product_id": "867559",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.1"
}
}
},
{
"category": "product_version",
"name": "20.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 20.0.0.2",
"product_id": "867560",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"category": "product_version",
"name": "traditional",
"product": {
"name": "IBM Business Automation Workflow traditional",
"product_id": "T024465",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:traditional"
}
}
},
{
"category": "product_version",
"name": "21.0.3.1",
"product": {
"name": "IBM Business Automation Workflow 21.0.3.1",
"product_id": "T025512",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3.1"
}
}
},
{
"category": "product_version",
"name": "22.0.2",
"product": {
"name": "IBM Business Automation Workflow 22.0.2",
"product_id": "T025770",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T026126",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:v22.0.1_traditional"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"category": "product_name",
"name": "IBM Integration Bus",
"product": {
"name": "IBM Integration Bus",
"product_id": "T011169",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"category": "product_version",
"name": "appliance",
"product": {
"name": "IBM MQ appliance",
"product_id": "T025711",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:appliance"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "8.1",
"product": {
"name": "IBM Operational Decision Manager 8.10",
"product_id": "T013722",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.10"
}
}
},
{
"category": "product_version",
"name": "8.11",
"product": {
"name": "IBM Operational Decision Manager 8.11",
"product_id": "T022173",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11"
}
}
},
{
"category": "product_version",
"name": "8.10.x",
"product": {
"name": "IBM Operational Decision Manager 8.10.x",
"product_id": "T027827",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.10.x"
}
}
},
{
"category": "product_version",
"name": "8.11.x",
"product": {
"name": "IBM Operational Decision Manager 8.11.x",
"product_id": "T027828",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11.x"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "V10",
"product": {
"name": "IBM Power Hardware Management Console V10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
},
{
"category": "product_version",
"name": "DS8000",
"product": {
"name": "IBM Power Hardware Management Console DS8000",
"product_id": "T028436",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:ds8000"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5.4.15",
"product": {
"name": "IBM Rational Asset Manager 7.5.4.15",
"product_id": "T037732",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_asset_manager:7.5.4.15"
}
}
}
],
"category": "product_name",
"name": "Rational Asset Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.24",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.24",
"product_id": "T030689"
}
},
{
"category": "product_version",
"name": "8.0.0.24",
"product": {
"name": "IBM Rational Build Forge 8.0.0.24",
"product_id": "T030689-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.3.2.6",
"product": {
"name": "IBM Rational Change \u003c5.3.2.6",
"product_id": "T028986"
}
},
{
"category": "product_version",
"name": "5.3.2.6",
"product": {
"name": "IBM Rational Change 5.3.2.6",
"product_id": "T028986-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_change:5.3.2.6"
}
}
}
],
"category": "product_name",
"name": "Rational Change"
},
{
"category": "product_name",
"name": "IBM Rational ClearCase",
"product": {
"name": "IBM Rational ClearCase",
"product_id": "T004180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "8.2.1",
"product": {
"name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
"product_id": "T005246",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1"
}
}
},
{
"category": "product_version",
"name": "8.2.2",
"product": {
"name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
"product_id": "T007073",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2"
}
}
}
],
"category": "product_name",
"name": "Security Access Manager for Enterprise Single Sign-On"
},
{
"category": "product_name",
"name": "IBM Security Identity Manager",
"product": {
"name": "IBM Security Identity Manager",
"product_id": "T023840",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_identity_manager:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "10.0.0.0-10.0.6.1",
"product": {
"name": "IBM Security Verify Access 10.0.0.0-10.0.6.1",
"product_id": "T031895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
},
{
"branches": [
{
"category": "product_version",
"name": "plus 10.1",
"product": {
"name": "IBM Spectrum Protect plus 10.1",
"product_id": "T015895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1",
"product": {
"name": "IBM TXSeries 9.1",
"product_id": "T015903",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
}
}
},
{
"category": "product_version",
"name": "8.2",
"product": {
"name": "IBM TXSeries 8.2",
"product_id": "T015904",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
}
}
},
{
"category": "product_version",
"name": "8.1",
"product": {
"name": "IBM TXSeries 8.1",
"product_id": "T015905",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.0.5",
"product": {
"name": "IBM Tivoli Business Service Manager \u003c6.2.0.5",
"product_id": "T027560"
}
},
{
"category": "product_version",
"name": "6.2.0.5",
"product": {
"name": "IBM Tivoli Business Service Manager 6.2.0.5",
"product_id": "T027560-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5"
}
}
}
],
"category": "product_name",
"name": "Tivoli Business Service Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0.7",
"product": {
"name": "IBM Tivoli Monitoring 6.3.0.7",
"product_id": "342008",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
}
}
}
],
"category": "product_name",
"name": "Tivoli Monitoring"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.0 FP30",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus \u003c8.1.0 FP30",
"product_id": "T026819"
}
},
{
"category": "product_version",
"name": "8.1.0 FP30",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1.0 FP30",
"product_id": "T026819-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0_fp30"
}
}
},
{
"category": "product_version",
"name": "8.1.0",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1.0",
"product_id": "T027235",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0"
}
}
}
],
"category": "product_name",
"name": "Tivoli Netcool/OMNIbus"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Application Server 8.5",
"product_id": "703851",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM WebSphere Application Server 9.0",
"product_id": "703852",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0"
}
}
},
{
"category": "product_version",
"name": "17.0.0.3-23.0.0.3",
"product": {
"name": "IBM WebSphere Application Server 17.0.0.3-23.0.0.3",
"product_id": "T027113",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:17.0.0.3_-_23.0.0.3"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Service Registry and Repository 8.5",
"product_id": "306235",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
}
}
}
],
"category": "product_name",
"name": "WebSphere Service Registry and Repository"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T034125",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.7.4",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.7.4",
"product_id": "T029706"
}
},
{
"category": "product_version",
"name": "5.7.4",
"product": {
"name": "Red Hat JBoss Web Server 5.7.4",
"product_id": "T029706-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7.4"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T005246",
"T031895",
"T011169",
"T010951",
"T030689",
"703851",
"T034125",
"703852",
"T026819",
"433292",
"T028404",
"398363",
"T025770",
"T027113",
"T027235",
"T027560",
"867559",
"1268578",
"389079",
"428468",
"T012167",
"389078",
"1150328",
"T017562",
"T022954",
"2951",
"T002207",
"867560",
"643",
"T029706",
"T019704",
"T026439",
"T004180",
"T023840",
"306235",
"T015905",
"T015904",
"T015903",
"672243",
"67646",
"672244",
"T013722",
"T030183",
"T037732",
"1055431",
"T025711",
"T020304",
"T024465",
"T026126",
"T001663",
"T025512",
"T028986",
"342008",
"T021398",
"T023373",
"T015895",
"T027827",
"T027828",
"T027943",
"T007073",
"T028436",
"T022173"
]
},
"release_date": "2023-02-20T23:00:00.000+00:00",
"title": "CVE-2023-24998"
}
]
}
WID-SEC-W-2023-1007
Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00Summary
Oracle Database Server: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1007 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1007.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1007 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1007"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Database Server vom 2023-04-18",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixDB"
}
],
"source_lang": "en-US",
"title": "Oracle Database Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-04-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:49:09.596+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1007",
"initial_release_date": "2023-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Database Server 21c",
"product": {
"name": "Oracle Database Server 21c",
"product_id": "1120391",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:database_server:21c"
}
}
},
{
"category": "product_name",
"name": "Oracle Database Server 19c",
"product": {
"name": "Oracle Database Server 19c",
"product_id": "425140",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:database_server:19c"
}
}
}
],
"category": "product_name",
"name": "Database Server"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"425140",
"1120391"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-21934",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"425140",
"1120391"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21934"
},
{
"cve": "CVE-2023-21918",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"425140",
"1120391"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-21918"
},
{
"cve": "CVE-2022-45061",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"425140",
"1120391"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2022-45061"
}
]
}
WID-SEC-W-2023-2031
Vulnerability from csaf_certbund - Published: 2023-08-09 22:00 - Updated: 2024-08-08 22:00Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
References
| URL | Category | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2031 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2031.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2031 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2031"
},
{
"category": "external",
"summary": "Xerox Security Bulletin vom 2023-08-09",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-011_FFPSv7-S11_MediaInstall_Aug2023.pdf"
},
{
"category": "external",
"summary": "Xerox Security Bulletin vom 2023-08-09",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-012_FFPSv2_Win10_SecurityBulletin_Aug2023.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-013 vom 2023-08-24",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/08/Xerox-Security-Bulletin-XRX23-013-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2331 vom 2023-11-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2331.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-17 vom 2024-08-09",
"url": "https://security.gentoo.org/glsa/202408-17"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-08-08T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:56:55.155+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2031",
"initial_release_date": "2023-08-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-08-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v2",
"product": {
"name": "Xerox FreeFlow Print Server v2",
"product_id": "T014888",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2"
}
}
},
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
},
{
"category": "product_version",
"name": "v7 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v7 for Solaris",
"product_id": "T029230",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-0687",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2004-0687"
},
{
"cve": "CVE-2020-23903",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2020-23903"
},
{
"cve": "CVE-2020-23904",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2020-23904"
},
{
"cve": "CVE-2021-33621",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-33621"
},
{
"cve": "CVE-2021-33657",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-33657"
},
{
"cve": "CVE-2021-3575",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-3575"
},
{
"cve": "CVE-2021-3618",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-3618"
},
{
"cve": "CVE-2021-43618",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-43618"
},
{
"cve": "CVE-2022-2097",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-21123",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21127",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21127"
},
{
"cve": "CVE-2022-21166",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-21589",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21589"
},
{
"cve": "CVE-2022-21592",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21592"
},
{
"cve": "CVE-2022-21608",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21608"
},
{
"cve": "CVE-2022-21617",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21617"
},
{
"cve": "CVE-2022-28805",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-28805"
},
{
"cve": "CVE-2022-30115",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-31783",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-31783"
},
{
"cve": "CVE-2022-33099",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-33099"
},
{
"cve": "CVE-2022-3729",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-3729"
},
{
"cve": "CVE-2022-37290",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-37290"
},
{
"cve": "CVE-2022-37434",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-39348",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-39348"
},
{
"cve": "CVE-2022-40897",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2022-41716",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41717",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41717"
},
{
"cve": "CVE-2022-41720",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-41722",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-41723",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41723"
},
{
"cve": "CVE-2022-41724",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41724"
},
{
"cve": "CVE-2022-41725",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41725"
},
{
"cve": "CVE-2022-42898",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-44617",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-44617"
},
{
"cve": "CVE-2022-44792",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-44792"
},
{
"cve": "CVE-2022-44793",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-44793"
},
{
"cve": "CVE-2022-46285",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-46285"
},
{
"cve": "CVE-2022-46663",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-46663"
},
{
"cve": "CVE-2022-46908",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-4743",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-4743"
},
{
"cve": "CVE-2022-48303",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-48303"
},
{
"cve": "CVE-2022-4883",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-4883"
},
{
"cve": "CVE-2022-4904",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-4904"
},
{
"cve": "CVE-2023-0002",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0002"
},
{
"cve": "CVE-2023-0215",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0494",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0494"
},
{
"cve": "CVE-2023-0547",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0547"
},
{
"cve": "CVE-2023-1161",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1161"
},
{
"cve": "CVE-2023-1945",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1945"
},
{
"cve": "CVE-2023-1992",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1992"
},
{
"cve": "CVE-2023-1993",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1993"
},
{
"cve": "CVE-2023-1994",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1994"
},
{
"cve": "CVE-2023-1999",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1999"
},
{
"cve": "CVE-2023-21526",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21526"
},
{
"cve": "CVE-2023-21756",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21756"
},
{
"cve": "CVE-2023-21911",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21911"
},
{
"cve": "CVE-2023-21912",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21912"
},
{
"cve": "CVE-2023-21919",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21919"
},
{
"cve": "CVE-2023-21920",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21920"
},
{
"cve": "CVE-2023-21929",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21929"
},
{
"cve": "CVE-2023-21933",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21933"
},
{
"cve": "CVE-2023-21935",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21935"
},
{
"cve": "CVE-2023-21940",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21940"
},
{
"cve": "CVE-2023-21945",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21945"
},
{
"cve": "CVE-2023-21946",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21946"
},
{
"cve": "CVE-2023-21947",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21947"
},
{
"cve": "CVE-2023-21953",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21953"
},
{
"cve": "CVE-2023-21955",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21955"
},
{
"cve": "CVE-2023-21962",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21962"
},
{
"cve": "CVE-2023-21966",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21966"
},
{
"cve": "CVE-2023-21972",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21972"
},
{
"cve": "CVE-2023-21976",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21976"
},
{
"cve": "CVE-2023-21977",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21977"
},
{
"cve": "CVE-2023-21980",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21980"
},
{
"cve": "CVE-2023-21982",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21982"
},
{
"cve": "CVE-2023-21995",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21995"
},
{
"cve": "CVE-2023-22006",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22006"
},
{
"cve": "CVE-2023-22023",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22023"
},
{
"cve": "CVE-2023-22036",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22036"
},
{
"cve": "CVE-2023-22041",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22041"
},
{
"cve": "CVE-2023-22044",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22044"
},
{
"cve": "CVE-2023-22045",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22045"
},
{
"cve": "CVE-2023-22049",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22049"
},
{
"cve": "CVE-2023-23931",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-23931"
},
{
"cve": "CVE-2023-24021",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24021"
},
{
"cve": "CVE-2023-24532",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24532"
},
{
"cve": "CVE-2023-24534",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24534"
},
{
"cve": "CVE-2023-24536",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24536"
},
{
"cve": "CVE-2023-24537",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24537"
},
{
"cve": "CVE-2023-24538",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24538"
},
{
"cve": "CVE-2023-24539",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24539"
},
{
"cve": "CVE-2023-24540",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24540"
},
{
"cve": "CVE-2023-24932",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24932"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-25193",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25193"
},
{
"cve": "CVE-2023-25652",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25652"
},
{
"cve": "CVE-2023-25690",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-25815",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25815"
},
{
"cve": "CVE-2023-26767",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-26767"
},
{
"cve": "CVE-2023-26768",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-26768"
},
{
"cve": "CVE-2023-26769",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-26769"
},
{
"cve": "CVE-2023-2731",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-2731"
},
{
"cve": "CVE-2023-27320",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-27320"
},
{
"cve": "CVE-2023-27522",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-27522"
},
{
"cve": "CVE-2023-28005",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28005"
},
{
"cve": "CVE-2023-28484",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-28486",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28486"
},
{
"cve": "CVE-2023-28487",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28487"
},
{
"cve": "CVE-2023-28709",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-28755",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28755"
},
{
"cve": "CVE-2023-28756",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28756"
},
{
"cve": "CVE-2023-29007",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29007"
},
{
"cve": "CVE-2023-29400",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29400"
},
{
"cve": "CVE-2023-29469",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-29479",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29479"
},
{
"cve": "CVE-2023-29531",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29531"
},
{
"cve": "CVE-2023-29532",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29532"
},
{
"cve": "CVE-2023-29533",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29533"
},
{
"cve": "CVE-2023-29535",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29535"
},
{
"cve": "CVE-2023-29536",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29536"
},
{
"cve": "CVE-2023-29539",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29539"
},
{
"cve": "CVE-2023-29541",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29541"
},
{
"cve": "CVE-2023-29542",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29542"
},
{
"cve": "CVE-2023-29545",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29545"
},
{
"cve": "CVE-2023-29548",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29548"
},
{
"cve": "CVE-2023-29550",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29550"
},
{
"cve": "CVE-2023-30086",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30086"
},
{
"cve": "CVE-2023-30608",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30608"
},
{
"cve": "CVE-2023-30774",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30774"
},
{
"cve": "CVE-2023-30775",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30775"
},
{
"cve": "CVE-2023-31047",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-31047"
},
{
"cve": "CVE-2023-31284",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-31284"
},
{
"cve": "CVE-2023-32034",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32034"
},
{
"cve": "CVE-2023-32035",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32035"
},
{
"cve": "CVE-2023-32038",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32038"
},
{
"cve": "CVE-2023-32039",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32039"
},
{
"cve": "CVE-2023-32040",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32040"
},
{
"cve": "CVE-2023-32041",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32041"
},
{
"cve": "CVE-2023-32042",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32042"
},
{
"cve": "CVE-2023-32043",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32043"
},
{
"cve": "CVE-2023-32044",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32044"
},
{
"cve": "CVE-2023-32045",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32045"
},
{
"cve": "CVE-2023-32046",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32046"
},
{
"cve": "CVE-2023-32049",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32049"
},
{
"cve": "CVE-2023-32053",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32053"
},
{
"cve": "CVE-2023-32054",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32054"
},
{
"cve": "CVE-2023-32055",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32055"
},
{
"cve": "CVE-2023-32057",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32057"
},
{
"cve": "CVE-2023-32085",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32085"
},
{
"cve": "CVE-2023-32205",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32205"
},
{
"cve": "CVE-2023-32206",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32206"
},
{
"cve": "CVE-2023-32207",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32207"
},
{
"cve": "CVE-2023-32208",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32208"
},
{
"cve": "CVE-2023-32209",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32209"
},
{
"cve": "CVE-2023-32210",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32210"
},
{
"cve": "CVE-2023-32211",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32211"
},
{
"cve": "CVE-2023-32212",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32212"
},
{
"cve": "CVE-2023-32213",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32213"
},
{
"cve": "CVE-2023-32214",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32214"
},
{
"cve": "CVE-2023-32215",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32215"
},
{
"cve": "CVE-2023-32216",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32216"
},
{
"cve": "CVE-2023-32324",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32324"
},
{
"cve": "CVE-2023-33134",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33134"
},
{
"cve": "CVE-2023-33154",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33154"
},
{
"cve": "CVE-2023-33157",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33157"
},
{
"cve": "CVE-2023-33160",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33160"
},
{
"cve": "CVE-2023-33164",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33164"
},
{
"cve": "CVE-2023-33166",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33166"
},
{
"cve": "CVE-2023-33167",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33167"
},
{
"cve": "CVE-2023-33168",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33168"
},
{
"cve": "CVE-2023-33169",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33169"
},
{
"cve": "CVE-2023-33172",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33172"
},
{
"cve": "CVE-2023-33173",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33173"
},
{
"cve": "CVE-2023-33174",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33174"
},
{
"cve": "CVE-2023-34414",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34414"
},
{
"cve": "CVE-2023-34415",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34415"
},
{
"cve": "CVE-2023-34416",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34416"
},
{
"cve": "CVE-2023-34417",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34417"
},
{
"cve": "CVE-2023-3482",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-3482"
},
{
"cve": "CVE-2023-34981",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-35296",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35296"
},
{
"cve": "CVE-2023-35297",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35297"
},
{
"cve": "CVE-2023-35299",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35299"
},
{
"cve": "CVE-2023-35300",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35300"
},
{
"cve": "CVE-2023-35302",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35302"
},
{
"cve": "CVE-2023-35303",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35303"
},
{
"cve": "CVE-2023-35304",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35304"
},
{
"cve": "CVE-2023-35305",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35305"
},
{
"cve": "CVE-2023-35306",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35306"
},
{
"cve": "CVE-2023-35308",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35308"
},
{
"cve": "CVE-2023-35309",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35309"
},
{
"cve": "CVE-2023-35311",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35311"
},
{
"cve": "CVE-2023-35312",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35312"
},
{
"cve": "CVE-2023-35313",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35313"
},
{
"cve": "CVE-2023-35314",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35314"
},
{
"cve": "CVE-2023-35315",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35315"
},
{
"cve": "CVE-2023-35316",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35316"
},
{
"cve": "CVE-2023-35318",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35318"
},
{
"cve": "CVE-2023-35319",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35319"
},
{
"cve": "CVE-2023-35320",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35320"
},
{
"cve": "CVE-2023-35324",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35324"
},
{
"cve": "CVE-2023-35325",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35325"
},
{
"cve": "CVE-2023-35328",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35328"
},
{
"cve": "CVE-2023-35329",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35329"
},
{
"cve": "CVE-2023-35330",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35330"
},
{
"cve": "CVE-2023-35332",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35332"
},
{
"cve": "CVE-2023-35336",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35336"
},
{
"cve": "CVE-2023-35338",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35338"
},
{
"cve": "CVE-2023-35339",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35339"
},
{
"cve": "CVE-2023-35340",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35340"
},
{
"cve": "CVE-2023-35341",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35341"
},
{
"cve": "CVE-2023-35342",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35342"
},
{
"cve": "CVE-2023-35352",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35352"
},
{
"cve": "CVE-2023-35353",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35353"
},
{
"cve": "CVE-2023-35356",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35356"
},
{
"cve": "CVE-2023-35357",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35357"
},
{
"cve": "CVE-2023-35358",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35358"
},
{
"cve": "CVE-2023-35360",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35360"
},
{
"cve": "CVE-2023-35361",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35361"
},
{
"cve": "CVE-2023-35362",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35362"
},
{
"cve": "CVE-2023-35365",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35365"
},
{
"cve": "CVE-2023-35366",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35366"
},
{
"cve": "CVE-2023-35367",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35367"
},
{
"cve": "CVE-2023-3600",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-3600"
},
{
"cve": "CVE-2023-36871",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-36871"
},
{
"cve": "CVE-2023-36874",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-36874"
},
{
"cve": "CVE-2023-36884",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-36884"
},
{
"cve": "CVE-2023-37201",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37201"
},
{
"cve": "CVE-2023-37202",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37202"
},
{
"cve": "CVE-2023-37203",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37203"
},
{
"cve": "CVE-2023-37204",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37204"
},
{
"cve": "CVE-2023-37205",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37205"
},
{
"cve": "CVE-2023-37206",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37206"
},
{
"cve": "CVE-2023-37207",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37207"
},
{
"cve": "CVE-2023-37208",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37208"
},
{
"cve": "CVE-2023-37209",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37209"
},
{
"cve": "CVE-2023-37210",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37210"
},
{
"cve": "CVE-2023-37211",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37211"
},
{
"cve": "CVE-2023-37212",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Servern mehrerer Versionen existieren mehrere Schwachstellen im Zusammenhang mit bekannten Windows, Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37212"
}
]
}
WID-SEC-W-2023-2688
Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-10-17 22:00Summary
Oracle Retail Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterst\u00fctzung u. a. von Handelsfirmen und der Gastronomie.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2688 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2688.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2688 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2688"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Retail Applications vom 2023-10-17",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixRAPP"
}
],
"source_lang": "en-US",
"title": "Oracle Retail Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-17T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:05.195+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2688",
"initial_release_date": "2023-10-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Retail Applications 16.0.3",
"product": {
"name": "Oracle Retail Applications 16.0.3",
"product_id": "T019034",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:16.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 19.0.1",
"product": {
"name": "Oracle Retail Applications 19.0.1",
"product_id": "T019038",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:19.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 15.0.3.1",
"product": {
"name": "Oracle Retail Applications 15.0.3.1",
"product_id": "T019909",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:15.0.3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 14.1.3.2",
"product": {
"name": "Oracle Retail Applications 14.1.3.2",
"product_id": "T019910",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:14.1.3.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 20.0.1",
"product": {
"name": "Oracle Retail Applications 20.0.1",
"product_id": "T019911",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:20.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 14.2",
"product": {
"name": "Oracle Retail Applications 14.2",
"product_id": "T021712",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:14.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 21.0.0",
"product": {
"name": "Oracle Retail Applications 21.0.0",
"product_id": "T022878",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:21.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 18.0.5",
"product": {
"name": "Oracle Retail Applications 18.0.5",
"product_id": "T027398",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:18.0.5"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 19.0.4",
"product": {
"name": "Oracle Retail Applications 19.0.4",
"product_id": "T027399",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:19.0.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 20.0.3",
"product": {
"name": "Oracle Retail Applications 20.0.3",
"product_id": "T027400",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:20.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 21.0.2",
"product": {
"name": "Oracle Retail Applications 21.0.2",
"product_id": "T027401",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:21.0.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 18.0.0.13",
"product": {
"name": "Oracle Retail Applications 18.0.0.13",
"product_id": "T030614",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:18.0.0.13"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 19.0.0.7",
"product": {
"name": "Oracle Retail Applications 19.0.0.7",
"product_id": "T030615",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:19.0.0.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 22.0.0",
"product": {
"name": "Oracle Retail Applications 22.0.0",
"product_id": "T030616",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:22.0.0"
}
}
}
],
"category": "product_name",
"name": "Retail Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39017",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-39017"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-26049",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-26049"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-20863",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019034",
"T019038",
"T022878",
"T019911",
"T019910",
"T021712",
"T030615",
"T030614",
"T027401",
"T030616",
"T027399",
"T027400",
"T019909",
"T027398"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-1471"
}
]
}
WID-SEC-W-2023-1142
Vulnerability from csaf_certbund - Published: 2023-05-03 22:00 - Updated: 2025-06-09 22:00Summary
Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.
Betroffene Betriebssysteme: - Linux
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1142 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1142 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-05-03",
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17",
"url": "https://access.redhat.com/errata/RHSA-2023:3179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17",
"url": "https://access.redhat.com/errata/RHSA-2023:3193"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3622"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3667"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23",
"url": "https://access.redhat.com/errata/RHSA-2023:3626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23",
"url": "https://access.redhat.com/errata/RHSA-2023:3625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28",
"url": "https://access.redhat.com/errata/RHSA-2023:3906"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4507"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4505"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16",
"url": "https://access.redhat.com/errata/RHSA-2023:4612"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4919"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4921"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4920"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7670"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
"url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23",
"url": "https://alas.aws.amazon.com/ALAS-2024-1910.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3541 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3541"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
}
],
"source_lang": "en-US",
"title": "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-09T22:00:00.000+00:00",
"generator": {
"date": "2025-06-10T11:09:16.733+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1142",
"initial_release_date": "2023-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-08-07T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-31T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-06T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-21T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Integration Camel for Spring Boot \u003c3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Integration Camel for Spring Boot \u003c3.20.1",
"product_id": "T027614"
}
},
{
"category": "product_version",
"name": "Integration Camel for Spring Boot 3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Integration Camel for Spring Boot 3.20.1",
"product_id": "T027614-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:integration_camel_for_spring_boot__3.20.1"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Camel Extensions for Quarkus 1",
"product": {
"name": "Red Hat Integration Camel Extensions for Quarkus 1",
"product_id": "T026453",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Integration",
"product": {
"name": "Red Hat Integration",
"product_id": "T033960",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:-"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.10.62",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.10.62",
"product_id": "T028308"
}
},
{
"category": "product_version",
"name": "Container Platform 4.10.62",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10.62",
"product_id": "T028308-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.10.62"
}
}
},
{
"category": "product_version",
"name": "Application Runtimes",
"product": {
"name": "Red Hat OpenShift Application Runtimes",
"product_id": "T029341",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:application_runtimes"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-31777",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-31777"
},
{
"cve": "CVE-2022-33681",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-33681"
},
{
"cve": "CVE-2022-37865",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-37865"
},
{
"cve": "CVE-2022-37866",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-37866"
},
{
"cve": "CVE-2022-38398",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38398"
},
{
"cve": "CVE-2022-38648",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38648"
},
{
"cve": "CVE-2022-38749",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-39368",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-39368"
},
{
"cve": "CVE-2022-40146",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-40150",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40151",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40151"
},
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-40156",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40156"
},
{
"cve": "CVE-2022-41704",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41704"
},
{
"cve": "CVE-2022-41852",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41852"
},
{
"cve": "CVE-2022-41853",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41853"
},
{
"cve": "CVE-2022-41854",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-41881",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-41966",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42890",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-4492",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-1436",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-20860",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20860"
},
{
"cve": "CVE-2023-20861",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-20863",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-22602",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-22602"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-24998"
}
]
}
WID-SEC-W-2024-0054
Vulnerability from csaf_certbund - Published: 2024-01-09 23:00 - Updated: 2024-01-09 23:00Summary
IBM Security Verify Access: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Security Verify Access, ehemals IBM Security Access Manager (ISAM), ist eine Zugriffsverwaltungslösung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Security Verify Access ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuführen. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Security Verify Access, ehemals IBM Security Access Manager (ISAM), ist eine Zugriffsverwaltungsl\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Security Verify Access ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0054 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0054.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0054 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0054"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7106586 vom 2024-01-09",
"url": "https://www.ibm.com/support/pages/node/7106586"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7106583 vom 2024-01-09",
"url": "https://www.ibm.com/support/pages/node/7106583"
}
],
"source_lang": "en-US",
"title": "IBM Security Verify Access: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-09T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:29.433+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0054",
"initial_release_date": "2024-01-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Security Verify Access \u003c 10.0.7-ISS-ISVA-FP0000",
"product": {
"name": "IBM Security Verify Access \u003c 10.0.7-ISS-ISVA-FP0000",
"product_id": "T031968",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.7-iss-isva-fp0000"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2032-43016",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2032-43016"
},
{
"cve": "CVE-2023-43017",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-43017"
},
{
"cve": "CVE-2023-40225",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-40225"
},
{
"cve": "CVE-2023-39417",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-39417"
},
{
"cve": "CVE-2023-38369",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-38369"
},
{
"cve": "CVE-2023-38267",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-38267"
},
{
"cve": "CVE-2023-32697",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-32697"
},
{
"cve": "CVE-2023-32330",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-32330"
},
{
"cve": "CVE-2023-32329",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-32329"
},
{
"cve": "CVE-2023-32328",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-32328"
},
{
"cve": "CVE-2023-32327",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-32327"
},
{
"cve": "CVE-2023-31006",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-31006"
},
{
"cve": "CVE-2023-31005",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-31005"
},
{
"cve": "CVE-2023-31004",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-31004"
},
{
"cve": "CVE-2023-31003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-31003"
},
{
"cve": "CVE-2023-31002",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-31002"
},
{
"cve": "CVE-2023-31001",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-31001"
},
{
"cve": "CVE-2023-30999",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-30999"
},
{
"cve": "CVE-2023-25725",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-25725"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-2455",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-2455"
},
{
"cve": "CVE-2023-2454",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-2454"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2022-45688",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2022-41862",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-41862"
},
{
"cve": "CVE-2022-2625",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-2625"
},
{
"cve": "CVE-2022-2068",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-2068"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2020-11100",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2020-11100"
},
{
"cve": "CVE-2019-19330",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2019-19330"
},
{
"cve": "CVE-2019-18277",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2019-18277"
},
{
"cve": "CVE-2019-18276",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2019-18276"
},
{
"cve": "CVE-2019-14241",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2019-14241"
},
{
"cve": "CVE-2017-18342",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2017-18342"
},
{
"cve": "CVE-2015-5237",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in IBM Security Verify Access. Diese Fehler bestehen in mehreren Komponenten wie Access Manager Container und Drittanbieter-Modulen wie PostgreSQL oder HAProxy. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder komplexe Angriffe wie Cache-Poisoning, Cross-Site-Scripting oder Session-Hijacking durchzuf\u00fchren. Einige der Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
}
],
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2015-5237"
}
]
}
WID-SEC-W-2024-1622
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2024-07-16 22:00Summary
Oracle Commerce: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Commerce ist eine elektronische Handelsplattform.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit und Integrität zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Windows
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Commerce ist eine elektronische Handelsplattform.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1622 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1622.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1622 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1622"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Commerce vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixOCOM"
}
],
"source_lang": "en-US",
"title": "Oracle Commerce: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:21.987+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1622",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.3.0",
"product": {
"name": "Oracle Commerce 11.3.0",
"product_id": "T018931",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.0"
}
}
},
{
"category": "product_version",
"name": "11.3.1",
"product": {
"name": "Oracle Commerce 11.3.1",
"product_id": "T018932",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.1"
}
}
},
{
"category": "product_version",
"name": "11.3.2",
"product": {
"name": "Oracle Commerce 11.3.2",
"product_id": "T018933",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.2"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-28752",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
}
]
}
WID-SEC-W-2023-1424
Vulnerability from csaf_certbund - Published: 2023-06-12 22:00 - Updated: 2023-06-12 22:00Summary
Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme: - UNIX
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1424 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1424.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1424 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1424"
},
{
"category": "external",
"summary": "Xerox Security Bulletin vom 2023-06-12",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-009-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server f\u00fcr Solaris: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:52:15.756+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1424",
"initial_release_date": "2023-06-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28708",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28176",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28176"
},
{
"cve": "CVE-2023-28164",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28164"
},
{
"cve": "CVE-2023-28163",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28163"
},
{
"cve": "CVE-2023-28162",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28162"
},
{
"cve": "CVE-2023-27522",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-27522"
},
{
"cve": "CVE-2023-25752",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25752"
},
{
"cve": "CVE-2023-25751",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25751"
},
{
"cve": "CVE-2023-25746",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25746"
},
{
"cve": "CVE-2023-25744",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25744"
},
{
"cve": "CVE-2023-25743",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25743"
},
{
"cve": "CVE-2023-25742",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25742"
},
{
"cve": "CVE-2023-25739",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25739"
},
{
"cve": "CVE-2023-25738",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25738"
},
{
"cve": "CVE-2023-25737",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25737"
},
{
"cve": "CVE-2023-25735",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25735"
},
{
"cve": "CVE-2023-25734",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25734"
},
{
"cve": "CVE-2023-25732",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25732"
},
{
"cve": "CVE-2023-25730",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25730"
},
{
"cve": "CVE-2023-25729",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25729"
},
{
"cve": "CVE-2023-25728",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25728"
},
{
"cve": "CVE-2023-25690",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-24807",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-24807"
},
{
"cve": "CVE-2023-24580",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-24580"
},
{
"cve": "CVE-2023-23969",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23969"
},
{
"cve": "CVE-2023-23946",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23946"
},
{
"cve": "CVE-2023-23936",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23936"
},
{
"cve": "CVE-2023-23920",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23920"
},
{
"cve": "CVE-2023-23919",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23919"
},
{
"cve": "CVE-2023-23918",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23918"
},
{
"cve": "CVE-2023-23605",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23605"
},
{
"cve": "CVE-2023-23603",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23603"
},
{
"cve": "CVE-2023-23602",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23602"
},
{
"cve": "CVE-2023-23601",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23601"
},
{
"cve": "CVE-2023-23599",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23599"
},
{
"cve": "CVE-2023-23598",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23598"
},
{
"cve": "CVE-2023-22809",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-22809"
},
{
"cve": "CVE-2023-22490",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-22490"
},
{
"cve": "CVE-2023-22003",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-22003"
},
{
"cve": "CVE-2023-21985",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21985"
},
{
"cve": "CVE-2023-21984",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21984"
},
{
"cve": "CVE-2023-21928",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21928"
},
{
"cve": "CVE-2023-21896",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21896"
},
{
"cve": "CVE-2023-21843",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21843"
},
{
"cve": "CVE-2023-21840",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21840"
},
{
"cve": "CVE-2023-21830",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21830"
},
{
"cve": "CVE-2023-0804",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0804"
},
{
"cve": "CVE-2023-0803",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0803"
},
{
"cve": "CVE-2023-0802",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0802"
},
{
"cve": "CVE-2023-0801",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0801"
},
{
"cve": "CVE-2023-0800",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0800"
},
{
"cve": "CVE-2023-0799",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0799"
},
{
"cve": "CVE-2023-0798",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0798"
},
{
"cve": "CVE-2023-0797",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0797"
},
{
"cve": "CVE-2023-0796",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0796"
},
{
"cve": "CVE-2023-0795",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0795"
},
{
"cve": "CVE-2023-0767",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0767"
},
{
"cve": "CVE-2023-0662",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0662"
},
{
"cve": "CVE-2023-0616",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0616"
},
{
"cve": "CVE-2023-0568",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0568"
},
{
"cve": "CVE-2023-0567",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0567"
},
{
"cve": "CVE-2023-0430",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0430"
},
{
"cve": "CVE-2023-0417",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0417"
},
{
"cve": "CVE-2023-0416",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0416"
},
{
"cve": "CVE-2023-0415",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0415"
},
{
"cve": "CVE-2023-0414",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0414"
},
{
"cve": "CVE-2023-0413",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0413"
},
{
"cve": "CVE-2023-0412",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0412"
},
{
"cve": "CVE-2023-0411",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0411"
},
{
"cve": "CVE-2023-0401",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0401"
},
{
"cve": "CVE-2023-0286",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0217",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0217"
},
{
"cve": "CVE-2023-0216",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0216"
},
{
"cve": "CVE-2023-0215",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2022-48281",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-48281"
},
{
"cve": "CVE-2022-46877",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46877"
},
{
"cve": "CVE-2022-46874",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46874"
},
{
"cve": "CVE-2022-46871",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46871"
},
{
"cve": "CVE-2022-46344",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46344"
},
{
"cve": "CVE-2022-46343",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46343"
},
{
"cve": "CVE-2022-46342",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46342"
},
{
"cve": "CVE-2022-46341",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T028053"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46341"
},
{
"cve": "CVE-2022-46340",
"n