CVE-2021-23901 (GCVE-0-2021-23901)
Vulnerability from cvelistv5 – Published: 2021-01-25 09:25 – Updated: 2025-02-13 16:27
Title
An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser
Summary
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
Severity
No CVSS data available.
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread.html/r090321840b4… | x_refsource_MISC |
| https://issues.apache.org/jira/browse/NUTCH-2841 | x_refsource_MISC |
| https://lists.apache.org/thread.html/r7ddfd680aa7… | mailing-list, x_refsource_MLIST |
| https://lists.apache.org/thread.html/r5e2f7737b42… | mailing-list, x_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2021051… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Nutch | Affected: Apache Nutch, ≤ 1.17 (custom) |
Credits
The Apache Nutch Project Management Committee would like to thank Martin Heyden for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:09.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Nutch",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.17",
"status": "affected",
"version": "Apache Nutch",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The Apache Nutch Project Management Committee would like to thank Martin Heyden for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T19:15:43.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
],
"source": {
"defect": [
"NUTCH-2841"
],
"discovery": "UNKNOWN"
},
"title": "An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-23901",
"STATE": "PUBLIC",
"TITLE": "An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Nutch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Nutch",
"version_value": "1.17"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The Apache Nutch Project Management Committee would like to thank Martin Heyden for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "https://issues.apache.org/jira/browse/NUTCH-2841",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6@%3Cannounce.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
]
},
"source": {
"defect": [
"NUTCH-2841"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-23901",
"datePublished": "2021-01-25T09:25:14.000Z",
"dateReserved": "2021-01-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:46.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-23901",
"date": "2026-05-30",
"epss": "0.01068",
"percentile": "0.78013"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:nutch:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.18\", \"matchCriteriaId\": \"5F4D691E-6CD6-497F-A81C-AE5144D3870E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 una vulnerabilidad de inyecci\\u00f3n de XML external entity (XXE) en Nutch DmozParser y se sabe que afecta a Nutch versiones anteriores a 1.18. Una inyecci\\u00f3n de entidad externa XML (tambi\\u00e9n se conoce como XXE) es una vulnerabilidad de seguridad web que permite a un atacante interferir con el procesamiento de datos XML de una aplicaci\\u00f3n. A menudo permite a un atacante visualizar archivos en el sistema de archivos del servidor de aplicaciones e interactuar con cualquier sistema del back-end o externo al que la aplicaci\\u00f3n pueda acceder. Este problema se corrigi\\u00f3 en Apache Nutch versi\\u00f3n 1.18\"}]",
"id": "CVE-2021-23901",
"lastModified": "2024-11-21T05:52:01.927",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-01-25T10:16:33.470",
"references": "[{\"url\": \"https://issues.apache.org/jira/browse/NUTCH-2841\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210513-0003/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://issues.apache.org/jira/browse/NUTCH-2841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210513-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
}
}
}
Title
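Apache Nutch XML external entity injection vulnerability
Description
Apache Nutch is an extensible, Java-based web crawler from the Apache Foundation.
Apache Nutch versions before 1.18 contain an XML external entity injection vulnerability that allows an attacker to view files on the application server filesystem and to interact with any back-end or external systems that the application itself can access.
Severity
Medium
Patch Name
Patch for the Apache Nutch XML external entity injection vulnerability
Patch Description
Apache Nutch is an extensible, Java-based web crawler from the Apache Foundation.
Apache Nutch versions before 1.18 contain an XML external entity injection vulnerability that allows an attacker to view files on the application server filesystem and to interact with any back-end or external systems that the application itself can access. The vendor has published a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released an upgrade patch to fix the vulnerability. Patch link: https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E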
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-23901
Impacted products
| Name | Apache Nutch <1.18 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-23901",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23901"
}
},
"description": "Apache Nutch\u662fApache\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u57fa\u4e8eJava\u7684\u53ef\u6269\u5c55\u7684\u722c\u866b\u8f6f\u4ef6\u3002\n\nApache Nutch 1.18\u4e4b\u524d\u7248\u672c\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\uff0c\u5e76\u4e0e\u5e94\u7528\u7a0b\u5e8f\u672c\u8eab\u53ef\u4ee5\u8bbf\u95ee\u7684\u4efb\u4f55\u540e\u7aef\u6216\u5916\u90e8\u7cfb\u7edf\u8fdb\u884c\u4ea4\u4e92\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-08887",
"openTime": "2021-02-03",
"patchDescription": "Apache Nutch\u662fApache\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u57fa\u4e8eJava\u7684\u53ef\u6269\u5c55\u7684\u722c\u866b\u8f6f\u4ef6\u3002\r\n\r\nApache Nutch 1.18\u4e4b\u524d\u7248\u672c\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\uff0c\u5e76\u4e0e\u5e94\u7528\u7a0b\u5e8f\u672c\u8eab\u53ef\u4ee5\u8bbf\u95ee\u7684\u4efb\u4f55\u540e\u7aef\u6216\u5916\u90e8\u7cfb\u7edf\u8fdb\u884c\u4ea4\u4e92\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Nutch XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache Nutch \u003c1.18"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23901",
"serverity": "\u4e2d",
"submitTime": "2021-01-27",
"title": "Apache Nutch XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e"
}
FKIE_CVE-2021-23901
Vulnerability from fkie_nvd - Published: 2021-01-25 10:16 - Updated: 2024-11-21 05:52
Severity
Summary
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | nutch | * | |
| netapp | snap_creator_framework | - | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nutch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4D691E-6CD6-497F-A81C-AE5144D3870E",
"versionEndExcluding": "1.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de inyecci\u00f3n de XML external entity (XXE) en Nutch DmozParser y se sabe que afecta a Nutch versiones anteriores a 1.18. Una inyecci\u00f3n de entidad externa XML (tambi\u00e9n se conoce como XXE) es una vulnerabilidad de seguridad web que permite a un atacante interferir con el procesamiento de datos XML de una aplicaci\u00f3n. A menudo permite a un atacante visualizar archivos en el sistema de archivos del servidor de aplicaciones e interactuar con cualquier sistema del back-end o externo al que la aplicaci\u00f3n pueda acceder. Este problema se corrigi\u00f3 en Apache Nutch versi\u00f3n 1.18"
}
],
"id": "CVE-2021-23901",
"lastModified": "2024-11-21T05:52:01.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-25T10:16:33.470",
"references": [
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FXHP-WRW9-3R97
Vulnerability from github – Published: 2022-03-18 17:46 – Updated: 2022-03-18 17:46
Summary
XML external entity (XXE) injection in Apache Nutch
Details
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
Severity
9.1 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.nutch:nutch"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23901"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-06T19:54:36Z",
"nvd_published_at": "2021-01-25T10:16:00Z",
"severity": "CRITICAL"
},
"details": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.",
"id": "GHSA-fxhp-wrw9-3r97",
"modified": "2022-03-18T17:46:29Z",
"published": "2022-03-18T17:46:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23901"
},
{
"type": "WEB",
"url": "https://github.com/apache/nutch/pull/563"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210513-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XML external entity (XXE) injection in Apache Nutch"
}
GSD-2021-23901
Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
Aliases
{
"GSD": {
"alias": "CVE-2021-23901",
"description": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.",
"id": "GSD-2021-23901",
"references": [
"https://www.suse.com/security/cve/CVE-2021-23901.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-23901"
],
"details": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.",
"id": "GSD-2021-23901",
"modified": "2023-12-13T01:23:30.063507Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-23901",
"STATE": "PUBLIC",
"TITLE": "An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Nutch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Nutch",
"version_value": "1.17"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The Apache Nutch Project Management Committee would like to thank Martin Heyden for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "https://issues.apache.org/jira/browse/NUTCH-2841",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6@%3Cannounce.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
]
},
"source": {
"defect": [
"NUTCH-2841"
],
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.18)",
"affected_versions": "All versions before 1.18",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-611",
"CWE-937"
],
"date": "2021-05-17",
"description": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch `DmozParser` and is known to affect Nutch XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data.",
"fixed_versions": [
"1.18"
],
"identifier": "CVE-2021-23901",
"identifiers": [
"CVE-2021-23901"
],
"not_impacted": "All versions starting from 1.18",
"package_slug": "maven/org.apache.nutch/nutch",
"pubdate": "2021-01-25",
"solution": "Upgrade to version 1.18 or above.",
"title": "Improper Restriction of XML External Entity Reference",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-23901"
],
"uuid": "a17583cf-864d-450a-a21f-df483a2d75ff"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:nutch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-23901"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6@%3Cannounce.apache.org%3E"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-05-17T19:59Z",
"publishedDate": "2021-01-25T10:16Z"
}
}
}
SUSE-SU-2021:0323-1
Vulnerability from csaf_suse - Published: 2021-02-08 09:30 - Updated: 2021-02-08 09:30
Summary
Security update for nutch-core
Severity
Moderate
Notes
Title of the patch: Security update for nutch-core
Description of the patch: This update for nutch-core fixes the following issue:
- CVE-2021-23901: fixed an XML external entity (XXE) injection in `DmozParser` (bsc#1181356)
Patchnames: SUSE-2021-323,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-323
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:nutch-core-1.0.1-4.3.1.noarch | — | | Vendor Fix |
Threats
Impact
critical
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nutch-core",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nutch-core fixes the following issue:\n\n- CVE-2021-23901: fixed an XML external entity (XXE) injection in `DmozParser` (bsc#1181356)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-323,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-323",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0323-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0323-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210323-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0323-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008278.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181356",
"url": "https://bugzilla.suse.com/1181356"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23901 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23901/"
}
],
"title": "Security update for nutch-core",
"tracking": {
"current_release_date": "2021-02-08T09:30:11Z",
"generator": {
"date": "2021-02-08T09:30:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0323-1",
"initial_release_date": "2021-02-08T09:30:11Z",
"revision_history": [
{
"date": "2021-02-08T09:30:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nutch-core-1.0.1-4.3.1.noarch",
"product": {
"name": "nutch-core-1.0.1-4.3.1.noarch",
"product_id": "nutch-core-1.0.1-4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nutch-core-1.0.1-4.3.1.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:nutch-core-1.0.1-4.3.1.noarch"
},
"product_reference": "nutch-core-1.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23901"
}
],
"notes": [
{
"category": "general",
"text": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:nutch-core-1.0.1-4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23901",
"url": "https://www.suse.com/security/cve/CVE-2021-23901"
},
{
"category": "external",
"summary": "SUSE Bug 1181356 for CVE-2021-23901",
"url": "https://bugzilla.suse.com/1181356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:nutch-core-1.0.1-4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:nutch-core-1.0.1-4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-08T09:30:11Z",
"details": "critical"
}
],
"title": "CVE-2021-23901"
}
]
}
SUSE-SU-2021:0448-1
Vulnerability from csaf_suse - Published: 2021-02-12 10:37 - Updated: 2021-02-12 10:37
Summary
Security update for SUSE Manager Server 4.0
Severity
Moderate
Notes
Title of the patch: Security update for SUSE Manager Server 4.0
Description of the patch: This update fixes the following issues:
cpu-mitigations-formula:
- Handle unsupported target systems gracefully (bsc#1179273)
- add mitigations for Xen hypervisor
nutch-core:
- Fix XXE injection in DmozParser CVE-2021-23901 (bsc#1181356)
smdba:
- Do not remove the database if there is no backup and deal with manifest
- Fix smdba throws error on mgr-setup/installation
- Raise an exception on failed external process call
- Fix TablePrint formatting
- Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030)
- Revert modifying cpu_tuple_cost
- Adapted spec file for RHEL8
- Adapt recover mechanism for postgresql12 and later
spacecmd:
- Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)
spacewalk-backend:
- Reposync: Fixed Kickstart functionality.
- Reposync: Fixed URLGrabber error handling.
- Reposync: Fix modular data handling for cloned channels (bsc#1177508)
- Truncate author name in the changelog (bsc#1180285)
- Drop Transfer-Encoding header from proxy response to fix error response messages (bsc#1176906)
- Prevent tracebacks on missing mail configuration (bsc#1179990)
- Fix pycurl.error handling in suseLib.py (bsc#1179990)
- Use sanitized repo label to build reposync repo cache path (bsc#1179410)
- Quote the proxy settings to be used by Zypper (bsc#1179087)
- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
- Fix errors in spacewalk-debug and align postgresql queries to new DB version
spacewalk-branding:
- Set Copyright year to 2021
spacewalk-certs-tools:
- Improve check for correct CA trust store directory (bsc#1176417)
spacewalk-java:
- Fix modular data handling for cloned channels (bsc#1177508)
- Fix reboot action race condition (bsc#1177031)
- Fix availability check for debian repositories (bsc#1180127)
- Ignore duplicate NEVRAs in package profile update (bsc#1176018)
- Prevent deletion of CLM environments if they're used in an autoinstallation profile (bsc#1179552)
- Register saltkey XMLRPC handler and fix behavior of delete salt key (bsc#1179872)
- Add validation for custom repository labels
- Fix expanded support detection based on CentOS installations (bsc#1179589)
- Add translation strings for newly added countries and timezones (jsc#PM-2081)
- Fix the activation key handling from kickstart profile (bsc#1178647)
- Update exception message in findSyncedMandatoryChannels
- Fix check for available products on ISS Slaves (bsc#1177184)
- Get media.1/products for cloned channels (bsc#1178303)
- Calculate size to truncate a history message based on the htmlified version (bsc#1178503)
- Change message 'Minion is down' to be more accurate
- XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)
spacewalk-reports:
- Fixes no file content in `spacewalk-report config-files`
- Write `<binary data>` placeholder instead of dumping binary data
spacewalk-utils:
- Fix modular data handling for cloned channels (bsc#1177508)
spacewalk-web:
- Prevent deletion of CLM environments if they're used in an autoinstallation profile (bsc#1179552)
- Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)
supportutils-plugin-susemanager:
- Remove checks for obsolete packages
- Gather new configfiles
- Add more important information
susemanager-doc-indexes:
- Added new section for bootstrap repository for end of life products in Client Configuration Guide
- Remove old certs before renaming moved to Administration Guide (bsc#1171836)
- Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)
- Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451)
susemanager-docs_en:
- Added new section for bootstrap repository for end of life products in Client Configuration Guide
- Remove old certs before renaming moved to Administration Guide (bsc#1171836)
- Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)
- Combining activation keys works only with traditional clients. Updated Client Configuration Guide and Reference. (bsc#1164451)
susemanager-frontend-libs:
- Update Bootstrap to 3.1.0
susemanager-schema:
- Add new valid countries and timezones (jsc#PM-2081)
susemanager-sls:
- Fix apt login for similar channel labels (bsc#1180803)
- Change behavior of mgrcompat wrapper after deprecation changes on Salt 3002
- Make autoinstallation provisioning compatible with GRUB and ELILO in addition to GRUB2 only (bsc#1164227)
- Fix: sync before start action chains (bsc#1177336)
susemanager-sync-data:
- Change centos 6 URLs to vault.centos.org
- Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS
- Remove duplicate repo definition
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
`spacewalk-schema-upgrade`
5. Start the Spacewalk service:
`spacewalk-service start`
Patchnames: SUSE-2021-448,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-448
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.0:cpu-mitigations-formula-0.3-4.9.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:nutch-core-1.0.1-4.5.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacecmd-4.0.22-3.25.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-4.0.26-3.39.3.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.26-3.39.3.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.26-3.39.3.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.18-3.24.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-html-4.0.26-3.39.3.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-4.0.41-3.51.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.41-3.51.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.41-3.51.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.41-3.51.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-reports-4.0.6-3.3.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.41-3.51.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-utils-4.0.19-3.24.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:supportutils-plugin-susemanager-4.0.5-3.6.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-doc-indexes-4.0-10.30.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-docs_en-4.0-10.30.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-docs_en-pdf-4.0-10.30.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.3-4.6.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-schema-4.0.24-3.35.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sls-4.0.32-3.40.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.20-3.32.2.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.26-3.39.3.noarch | — | | Vendor Fix |
Threats
Impact
critical
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ncpu-mitigations-formula:\n\n- Handle unsupported target systems gracefully (bsc#1179273)\n- add mitigations for Xen hypervisor \n\nnutch-core:\n\n- Fix XXE injection in DmozParser CVE-2021-23901 (bsc#1181356)\n\nsmdba:\n\n- Do not remove the database if there is no backup and deal with manifest\n- Fix smdba throws error on mgr-setup/installation \n- Raise an exception on failed external process call\n- Fix TablePrint formatting\n- Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030)\n- Revert modifying cpu_tuple_cost\n- Adapted spec file for RHEL8\n- Adapt recover mechanism for postgresql12 and later\n\nspacecmd:\n\n- Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)\n\nspacewalk-backend:\n\n- Reposync: Fixed Kickstart functionality.\n- Reposync: Fixed URLGrabber error handling.\n- Reposync: Fix modular data handling for cloned channels (bsc#1177508)\n- Truncate author name in the changelog (bsc#1180285)\n- Drop Transfer-Encoding header from proxy respone to fix error response messages (bsc#1176906)\n- Prevent tracebacks on missing mail configuration (bsc#1179990)\n- Fix pycurl.error handling in suseLib.py (bsc#1179990)\n- Use sanitized repo label to build reposync repo cache path (bsc#1179410)\n- Quote the proxy settings to be used by Zypper (bsc#1179087)\n- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories\n- Fix errors in spacewalk-debug and align postgresql queries to new DB version\n\nspacewalk-branding:\n\n- Set Copyright year to 2021\n\nspacewalk-certs-tools:\n\n- Improve check for correct CA trust store directory (bsc#1176417)\n\nspacewalk-java:\n\n- Fix modular data handling for cloned channels (bsc#1177508)\n- Fix reboot action race condition (bsc#1177031)\n- Fix availability check for debian repositories (bsc#1180127)\n- Ignore duplicate NEVRAs in package profile update (bsc#1176018)\n- Prevent deletion of CLM environments 
if they\u0027re used in an autoinstallation profile (bsc#1179552)\n- Register saltkey XMLRPC handler and fix behavior of delete salt key (bsc#1179872)\n- Add validation for custom repository labels\n- Fix expanded support detection based on CentOS installations (bsc#1179589)\n- Add translation strings for newly added countries and timezones (jsc#PM-2081)\n- Fix the activation key handling from kickstart profile (bsc#1178647)\n- Update exception message in findSyncedMandatoryChannels\n- Fix check for available products on ISS Slaves (bsc#1177184)\n- Get media.1/products for cloned channels (bsc#1178303)\n- Calculate size to truncate a history message based on the htmlified version (bsc#1178503)\n- Change message \u0027Minion is down\u0027 to be more accurate\n- XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)\n\nspacewalk-reports:\n\n- Fixes no file content in `spacewalk-report config-files`\n- Write `\u003cbinary data\u003e` placeholder instead of dumping binary data\n\nspacewalk-utils:\n\n- Fix modular data handling for cloned channels (bsc#1177508)\n\nspacewalk-web:\n\n- Prevent deletion of CLM environments if they\u0027re used in an autoinstallation\n profile (bsc#1179552)\n- Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)\n\nsupportutils-plugin-susemanager:\n\n- Remove checks for obsolete packages\n- Gather new configfiles\n- Add more important informations\n\nsusemanager-doc-indexes:\n\n- Added new section for bootstrap repository for end of life products \n in Client Configuration Guide\n- Remove old certs before renaming moved to Administration Guide (bsc#1171836)\n- Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)\n- Combining activation keys works only with traditional clients. \n Updated in Client Configuration Guide and Reference. 
(bsc#1164451)\n\nsusemanager-docs_en:\n\n- Added new section for bootstrap repository for end of life products in Client Configuration Guide\n- Remove old certs before renaming moved to Administration Guide (bsc#1171836)\n- Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)\n- Combining activation keys works only with traditional clients. \n Updated Client Configuration Guide and Reference. (bsc#1164451)\n\nsusemanager-frontend-libs:\n\n- Update Bootstrap to 3.1.0\n\nsusemanager-schema:\n\n- Add new valid countries and timezones (jsc#PM-2081)\n\nsusemanager-sls:\n\n- Fix apt login for similar channel labels (bsc#1180803)\n- Change behavior of mgrcompat wrapper after deprecation changes on Salt 3002\n- Make autoinstallation provisoning compatible with GRUB and ELILO in addition to GRUB2 only (bsc#1164227)\n- Fix: sync before start action chains (bsc#1177336)\n\nsusemanager-sync-data:\n\n- Change centos 6 URLs to vault.centos.org\n- Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS\n- Remove duplicate repo definition\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\n`spacewalk-schema-upgrade`\n5. Start the Spacewalk service:\n`spacewalk-service start`\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-448,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-448",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0448-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0448-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210448-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0448-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008319.html"
},
{
"category": "self",
"summary": "SUSE Bug 1164227",
"url": "https://bugzilla.suse.com/1164227"
},
{
"category": "self",
"summary": "SUSE Bug 1164451",
"url": "https://bugzilla.suse.com/1164451"
},
{
"category": "self",
"summary": "SUSE Bug 1171836",
"url": "https://bugzilla.suse.com/1171836"
},
{
"category": "self",
"summary": "SUSE Bug 1176018",
"url": "https://bugzilla.suse.com/1176018"
},
{
"category": "self",
"summary": "SUSE Bug 1176417",
"url": "https://bugzilla.suse.com/1176417"
},
{
"category": "self",
"summary": "SUSE Bug 1176823",
"url": "https://bugzilla.suse.com/1176823"
},
{
"category": "self",
"summary": "SUSE Bug 1176898",
"url": "https://bugzilla.suse.com/1176898"
},
{
"category": "self",
"summary": "SUSE Bug 1176906",
"url": "https://bugzilla.suse.com/1176906"
},
{
"category": "self",
"summary": "SUSE Bug 1177031",
"url": "https://bugzilla.suse.com/1177031"
},
{
"category": "self",
"summary": "SUSE Bug 1177184",
"url": "https://bugzilla.suse.com/1177184"
},
{
"category": "self",
"summary": "SUSE Bug 1177336",
"url": "https://bugzilla.suse.com/1177336"
},
{
"category": "self",
"summary": "SUSE Bug 1177508",
"url": "https://bugzilla.suse.com/1177508"
},
{
"category": "self",
"summary": "SUSE Bug 1178303",
"url": "https://bugzilla.suse.com/1178303"
},
{
"category": "self",
"summary": "SUSE Bug 1178503",
"url": "https://bugzilla.suse.com/1178503"
},
{
"category": "self",
"summary": "SUSE Bug 1178647",
"url": "https://bugzilla.suse.com/1178647"
},
{
"category": "self",
"summary": "SUSE Bug 1178839",
"url": "https://bugzilla.suse.com/1178839"
},
{
"category": "self",
"summary": "SUSE Bug 1179087",
"url": "https://bugzilla.suse.com/1179087"
},
{
"category": "self",
"summary": "SUSE Bug 1179273",
"url": "https://bugzilla.suse.com/1179273"
},
{
"category": "self",
"summary": "SUSE Bug 1179410",
"url": "https://bugzilla.suse.com/1179410"
},
{
"category": "self",
"summary": "SUSE Bug 1179552",
"url": "https://bugzilla.suse.com/1179552"
},
{
"category": "self",
"summary": "SUSE Bug 1179589",
"url": "https://bugzilla.suse.com/1179589"
},
{
"category": "self",
"summary": "SUSE Bug 1179872",
"url": "https://bugzilla.suse.com/1179872"
},
{
"category": "self",
"summary": "SUSE Bug 1179990",
"url": "https://bugzilla.suse.com/1179990"
},
{
"category": "self",
"summary": "SUSE Bug 1180001",
"url": "https://bugzilla.suse.com/1180001"
},
{
"category": "self",
"summary": "SUSE Bug 1180127",
"url": "https://bugzilla.suse.com/1180127"
},
{
"category": "self",
"summary": "SUSE Bug 1180285",
"url": "https://bugzilla.suse.com/1180285"
},
{
"category": "self",
"summary": "SUSE Bug 1180803",
"url": "https://bugzilla.suse.com/1180803"
},
{
"category": "self",
"summary": "SUSE Bug 1181356",
"url": "https://bugzilla.suse.com/1181356"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23901 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23901/"
}
],
"title": "Security update for SUSE Manager Server 4.0",
"tracking": {
"current_release_date": "2021-02-12T10:37:16Z",
"generator": {
"date": "2021-02-12T10:37:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0448-1",
"initial_release_date": "2021-02-12T10:37:16Z",
"revision_history": [
{
"date": "2021-02-12T10:37:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "smdba-1.7.8-0.3.3.2.aarch64",
"product": {
"name": "smdba-1.7.8-0.3.3.2.aarch64",
"product_id": "smdba-1.7.8-0.3.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.0.19-3.21.3.aarch64",
"product": {
"name": "spacewalk-branding-4.0.19-3.21.3.aarch64",
"product_id": "spacewalk-branding-4.0.19-3.21.3.aarch64"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-devel-4.0.19-3.21.3.aarch64",
"product": {
"name": "spacewalk-branding-devel-4.0.19-3.21.3.aarch64",
"product_id": "spacewalk-branding-devel-4.0.19-3.21.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpu-mitigations-formula-0.3-4.9.2.noarch",
"product": {
"name": "cpu-mitigations-formula-0.3-4.9.2.noarch",
"product_id": "cpu-mitigations-formula-0.3-4.9.2.noarch"
}
},
{
"category": "product_version",
"name": "nodejs-packaging-1.1.0-3.3.2.noarch",
"product": {
"name": "nodejs-packaging-1.1.0-3.3.2.noarch",
"product_id": "nodejs-packaging-1.1.0-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "nutch-core-1.0.1-4.5.2.noarch",
"product": {
"name": "nutch-core-1.0.1-4.5.2.noarch",
"product_id": "nutch-core-1.0.1-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"product": {
"name": "python2-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"product_id": "python2-spacewalk-certs-tools-4.0.18-3.24.2.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"product": {
"name": "python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"product_id": "python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"product_id": "python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.0.22-3.25.2.noarch",
"product": {
"name": "spacecmd-4.0.22-3.25.2.noarch",
"product_id": "spacecmd-4.0.22-3.25.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-app-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-app-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-applet-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-applet-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-cdn-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-cdn-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-config-files-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-iss-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-iss-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-iss-export-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-libs-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-server-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-server-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-sql-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-sql-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-oracle-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-sql-oracle-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-sql-oracle-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-tools-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-tools-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.0.26-3.39.3.noarch",
"product": {
"name": "spacewalk-base-4.0.26-3.39.3.noarch",
"product_id": "spacewalk-base-4.0.26-3.39.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.0.26-3.39.3.noarch",
"product": {
"name": "spacewalk-base-minimal-4.0.26-3.39.3.noarch",
"product_id": "spacewalk-base-minimal-4.0.26-3.39.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.0.26-3.39.3.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.0.26-3.39.3.noarch",
"product_id": "spacewalk-base-minimal-config-4.0.26-3.39.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"product": {
"name": "spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"product_id": "spacewalk-certs-tools-4.0.18-3.24.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.0.26-3.39.3.noarch",
"product": {
"name": "spacewalk-dobby-4.0.26-3.39.3.noarch",
"product_id": "spacewalk-dobby-4.0.26-3.39.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.0.26-3.39.3.noarch",
"product": {
"name": "spacewalk-html-4.0.26-3.39.3.noarch",
"product_id": "spacewalk-html-4.0.26-3.39.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.0.41-3.51.2.noarch",
"product": {
"name": "spacewalk-java-4.0.41-3.51.2.noarch",
"product_id": "spacewalk-java-4.0.41-3.51.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.0.41-3.51.2.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.0.41-3.51.2.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.0.41-3.51.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.0.41-3.51.2.noarch",
"product": {
"name": "spacewalk-java-config-4.0.41-3.51.2.noarch",
"product_id": "spacewalk-java-config-4.0.41-3.51.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.0.41-3.51.2.noarch",
"product": {
"name": "spacewalk-java-lib-4.0.41-3.51.2.noarch",
"product_id": "spacewalk-java-lib-4.0.41-3.51.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.0.41-3.51.2.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.0.41-3.51.2.noarch",
"product_id": "spacewalk-java-postgresql-4.0.41-3.51.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-broker-4.0.15-3.13.3.noarch",
"product": {
"name": "spacewalk-proxy-broker-4.0.15-3.13.3.noarch",
"product_id": "spacewalk-proxy-broker-4.0.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-common-4.0.15-3.13.3.noarch",
"product": {
"name": "spacewalk-proxy-common-4.0.15-3.13.3.noarch",
"product_id": "spacewalk-proxy-common-4.0.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-management-4.0.15-3.13.3.noarch",
"product": {
"name": "spacewalk-proxy-management-4.0.15-3.13.3.noarch",
"product_id": "spacewalk-proxy-management-4.0.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-package-manager-4.0.15-3.13.3.noarch",
"product": {
"name": "spacewalk-proxy-package-manager-4.0.15-3.13.3.noarch",
"product_id": "spacewalk-proxy-package-manager-4.0.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-redirect-4.0.15-3.13.3.noarch",
"product": {
"name": "spacewalk-proxy-redirect-4.0.15-3.13.3.noarch",
"product_id": "spacewalk-proxy-redirect-4.0.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-salt-4.0.15-3.13.3.noarch",
"product": {
"name": "spacewalk-proxy-salt-4.0.15-3.13.3.noarch",
"product_id": "spacewalk-proxy-salt-4.0.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-reports-4.0.6-3.3.2.noarch",
"product": {
"name": "spacewalk-reports-4.0.6-3.3.2.noarch",
"product_id": "spacewalk-reports-4.0.6-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.0.41-3.51.2.noarch",
"product": {
"name": "spacewalk-taskomatic-4.0.41-3.51.2.noarch",
"product_id": "spacewalk-taskomatic-4.0.41-3.51.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-4.0.19-3.24.2.noarch",
"product": {
"name": "spacewalk-utils-4.0.19-3.24.2.noarch",
"product_id": "spacewalk-utils-4.0.19-3.24.2.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-4.0.5-3.6.2.noarch",
"product": {
"name": "supportutils-plugin-susemanager-4.0.5-3.6.2.noarch",
"product_id": "supportutils-plugin-susemanager-4.0.5-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-client-4.0.4-3.6.2.noarch",
"product": {
"name": "supportutils-plugin-susemanager-client-4.0.4-3.6.2.noarch",
"product_id": "supportutils-plugin-susemanager-client-4.0.4-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-proxy-4.0.4-3.6.2.noarch",
"product": {
"name": "supportutils-plugin-susemanager-proxy-4.0.4-3.6.2.noarch",
"product_id": "supportutils-plugin-susemanager-proxy-4.0.4-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-doc-indexes-4.0-10.30.2.noarch",
"product": {
"name": "susemanager-doc-indexes-4.0-10.30.2.noarch",
"product_id": "susemanager-doc-indexes-4.0-10.30.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-4.0-10.30.2.noarch",
"product": {
"name": "susemanager-docs_en-4.0-10.30.2.noarch",
"product_id": "susemanager-docs_en-4.0-10.30.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-pdf-4.0-10.30.2.noarch",
"product": {
"name": "susemanager-docs_en-pdf-4.0-10.30.2.noarch",
"product_id": "susemanager-docs_en-pdf-4.0-10.30.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-4.0.3-4.6.2.noarch",
"product": {
"name": "susemanager-frontend-libs-4.0.3-4.6.2.noarch",
"product_id": "susemanager-frontend-libs-4.0.3-4.6.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-devel-4.0.3-4.6.2.noarch",
"product": {
"name": "susemanager-frontend-libs-devel-4.0.3-4.6.2.noarch",
"product_id": "susemanager-frontend-libs-devel-4.0.3-4.6.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.0.24-3.35.2.noarch",
"product": {
"name": "susemanager-schema-4.0.24-3.35.2.noarch",
"product_id": "susemanager-schema-4.0.24-3.35.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.0.24-3.35.2.noarch",
"product": {
"name": "susemanager-schema-sanity-4.0.24-3.35.2.noarch",
"product_id": "susemanager-schema-sanity-4.0.24-3.35.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.0.32-3.40.2.noarch",
"product": {
"name": "susemanager-sls-4.0.32-3.40.2.noarch",
"product_id": "susemanager-sls-4.0.32-3.40.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-4.0.20-3.32.2.noarch",
"product": {
"name": "susemanager-sync-data-4.0.20-3.32.2.noarch",
"product_id": "susemanager-sync-data-4.0.20-3.32.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-tftpsync-recv-4.0.8-3.11.2.noarch",
"product": {
"name": "susemanager-tftpsync-recv-4.0.8-3.11.2.noarch",
"product_id": "susemanager-tftpsync-recv-4.0.8-3.11.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-4.0.26-3.39.3.noarch",
"product": {
"name": "susemanager-web-libs-4.0.26-3.39.3.noarch",
"product_id": "susemanager-web-libs-4.0.26-3.39.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "smdba-1.7.8-0.3.3.2.ppc64le",
"product": {
"name": "smdba-1.7.8-0.3.3.2.ppc64le",
"product_id": "smdba-1.7.8-0.3.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.0.19-3.21.3.ppc64le",
"product": {
"name": "spacewalk-branding-4.0.19-3.21.3.ppc64le",
"product_id": "spacewalk-branding-4.0.19-3.21.3.ppc64le"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-devel-4.0.19-3.21.3.ppc64le",
"product": {
"name": "spacewalk-branding-devel-4.0.19-3.21.3.ppc64le",
"product_id": "spacewalk-branding-devel-4.0.19-3.21.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "smdba-1.7.8-0.3.3.2.s390x",
"product": {
"name": "smdba-1.7.8-0.3.3.2.s390x",
"product_id": "smdba-1.7.8-0.3.3.2.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.0.19-3.21.3.s390x",
"product": {
"name": "spacewalk-branding-4.0.19-3.21.3.s390x",
"product_id": "spacewalk-branding-4.0.19-3.21.3.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-devel-4.0.19-3.21.3.s390x",
"product": {
"name": "spacewalk-branding-devel-4.0.19-3.21.3.s390x",
"product_id": "spacewalk-branding-devel-4.0.19-3.21.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.6.2.x86_64",
"product": {
"name": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.6.2.x86_64",
"product_id": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "smdba-1.7.8-0.3.3.2.x86_64",
"product": {
"name": "smdba-1.7.8-0.3.3.2.x86_64",
"product_id": "smdba-1.7.8-0.3.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.0.19-3.21.3.x86_64",
"product": {
"name": "spacewalk-branding-4.0.19-3.21.3.x86_64",
"product_id": "spacewalk-branding-4.0.19-3.21.3.x86_64"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-devel-4.0.19-3.21.3.x86_64",
"product": {
"name": "spacewalk-branding-devel-4.0.19-3.21.3.x86_64",
"product_id": "spacewalk-branding-devel-4.0.19-3.21.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.0",
"product": {
"name": "SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpu-mitigations-formula-0.3-4.9.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:cpu-mitigations-formula-0.3-4.9.2.noarch"
},
"product_reference": "cpu-mitigations-formula-0.3-4.9.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nutch-core-1.0.1-4.5.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:nutch-core-1.0.1-4.5.2.noarch"
},
"product_reference": "nutch-core-1.0.1-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch"
},
"product_reference": "python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "smdba-1.7.8-0.3.3.2.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.ppc64le"
},
"product_reference": "smdba-1.7.8-0.3.3.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "smdba-1.7.8-0.3.3.2.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.s390x"
},
"product_reference": "smdba-1.7.8-0.3.3.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "smdba-1.7.8-0.3.3.2.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.x86_64"
},
"product_reference": "smdba-1.7.8-0.3.3.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.0.22-3.25.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacecmd-4.0.22-3.25.2.noarch"
},
"product_reference": "spacecmd-4.0.22-3.25.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-app-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-applet-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-iss-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-server-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-sql-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-tools-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.0.26-3.39.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-4.0.26-3.39.3.noarch"
},
"product_reference": "spacewalk-base-4.0.26-3.39.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.0.26-3.39.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.26-3.39.3.noarch"
},
"product_reference": "spacewalk-base-minimal-4.0.26-3.39.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.0.26-3.39.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.26-3.39.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.0.26-3.39.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-4.0.19-3.21.3.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.ppc64le"
},
"product_reference": "spacewalk-branding-4.0.19-3.21.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-4.0.19-3.21.3.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.s390x"
},
"product_reference": "spacewalk-branding-4.0.19-3.21.3.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-4.0.19-3.21.3.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.x86_64"
},
"product_reference": "spacewalk-branding-4.0.19-3.21.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.0.18-3.24.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.18-3.24.2.noarch"
},
"product_reference": "spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.0.26-3.39.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-html-4.0.26-3.39.3.noarch"
},
"product_reference": "spacewalk-html-4.0.26-3.39.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.0.41-3.51.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-4.0.41-3.51.2.noarch"
},
"product_reference": "spacewalk-java-4.0.41-3.51.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.0.41-3.51.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.41-3.51.2.noarch"
},
"product_reference": "spacewalk-java-config-4.0.41-3.51.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.0.41-3.51.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.41-3.51.2.noarch"
},
"product_reference": "spacewalk-java-lib-4.0.41-3.51.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.0.41-3.51.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.41-3.51.2.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.0.41-3.51.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-reports-4.0.6-3.3.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-reports-4.0.6-3.3.2.noarch"
},
"product_reference": "spacewalk-reports-4.0.6-3.3.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.0.41-3.51.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.41-3.51.2.noarch"
},
"product_reference": "spacewalk-taskomatic-4.0.41-3.51.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-4.0.19-3.24.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.19-3.24.2.noarch"
},
"product_reference": "spacewalk-utils-4.0.19-3.24.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-susemanager-4.0.5-3.6.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:supportutils-plugin-susemanager-4.0.5-3.6.2.noarch"
},
"product_reference": "supportutils-plugin-susemanager-4.0.5-3.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-doc-indexes-4.0-10.30.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-doc-indexes-4.0-10.30.2.noarch"
},
"product_reference": "susemanager-doc-indexes-4.0-10.30.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-4.0-10.30.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-docs_en-4.0-10.30.2.noarch"
},
"product_reference": "susemanager-docs_en-4.0-10.30.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-pdf-4.0-10.30.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-docs_en-pdf-4.0-10.30.2.noarch"
},
"product_reference": "susemanager-docs_en-pdf-4.0-10.30.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-4.0.3-4.6.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.3-4.6.2.noarch"
},
"product_reference": "susemanager-frontend-libs-4.0.3-4.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.0.24-3.35.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-schema-4.0.24-3.35.2.noarch"
},
"product_reference": "susemanager-schema-4.0.24-3.35.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.0.32-3.40.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-sls-4.0.32-3.40.2.noarch"
},
"product_reference": "susemanager-sls-4.0.32-3.40.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-4.0.20-3.32.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.20-3.32.2.noarch"
},
"product_reference": "susemanager-sync-data-4.0.20-3.32.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-4.0.26-3.39.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.26-3.39.3.noarch"
},
"product_reference": "susemanager-web-libs-4.0.26-3.39.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23901"
}
],
"notes": [
{
"category": "general",
"text": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.0:cpu-mitigations-formula-0.3-4.9.2.noarch",
"SUSE Manager Server Module 4.0:nutch-core-1.0.1-4.5.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.ppc64le",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.s390x",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.x86_64",
"SUSE Manager Server Module 4.0:spacecmd-4.0.22-3.25.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.ppc64le",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.s390x",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.x86_64",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-reports-4.0.6-3.3.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.19-3.24.2.noarch",
"SUSE Manager Server Module 4.0:supportutils-plugin-susemanager-4.0.5-3.6.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-doc-indexes-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-docs_en-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-docs_en-pdf-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.3-4.6.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.24-3.35.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.32-3.40.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.20-3.32.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.26-3.39.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23901",
"url": "https://www.suse.com/security/cve/CVE-2021-23901"
},
{
"category": "external",
"summary": "SUSE Bug 1181356 for CVE-2021-23901",
"url": "https://bugzilla.suse.com/1181356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.0:cpu-mitigations-formula-0.3-4.9.2.noarch",
"SUSE Manager Server Module 4.0:nutch-core-1.0.1-4.5.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.ppc64le",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.s390x",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.x86_64",
"SUSE Manager Server Module 4.0:spacecmd-4.0.22-3.25.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.ppc64le",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.s390x",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.x86_64",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-reports-4.0.6-3.3.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.19-3.24.2.noarch",
"SUSE Manager Server Module 4.0:supportutils-plugin-susemanager-4.0.5-3.6.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-doc-indexes-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-docs_en-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-docs_en-pdf-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.3-4.6.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.24-3.35.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.32-3.40.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.20-3.32.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.26-3.39.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.0:cpu-mitigations-formula-0.3-4.9.2.noarch",
"SUSE Manager Server Module 4.0:nutch-core-1.0.1-4.5.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.ppc64le",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.s390x",
"SUSE Manager Server Module 4.0:smdba-1.7.8-0.3.3.2.x86_64",
"SUSE Manager Server Module 4.0:spacecmd-4.0.22-3.25.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.36-3.41.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.ppc64le",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.s390x",
"SUSE Manager Server Module 4.0:spacewalk-branding-4.0.19-3.21.3.x86_64",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.26-3.39.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-reports-4.0.6-3.3.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.41-3.51.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.19-3.24.2.noarch",
"SUSE Manager Server Module 4.0:supportutils-plugin-susemanager-4.0.5-3.6.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-doc-indexes-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-docs_en-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-docs_en-pdf-4.0-10.30.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.3-4.6.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.24-3.35.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.32-3.40.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.20-3.32.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.26-3.39.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-12T10:37:16Z",
"details": "critical"
}
],
"title": "CVE-2021-23901"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.