CVE-2024-47535 (GCVE-0-2024-47535)
Vulnerability from cvelistv5 – Published: 2024-11-12 15:50 – Updated: 2024-11-13 20:44
EPSS: 0.00408 (percentile 0.32705, scored 2026-07-05)
Title
Denial of Service attack on Windows app using Netty
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe read of an environment file could cause a denial of service in Netty. When loaded in a Windows application, Netty attempts to load a file that does not exist. If an attacker creates that file and makes it very large, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Severity
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner: GitHub_M
References
2 references
| URL | Tags |
|---|---|
| https://github.com/netty/netty/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/netty/netty/commit/fbf7a704a82… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netty:netty:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netty",
"vendor": "netty",
"versions": [
{
"lessThan": "4.1.115",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T20:43:58.714521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T20:44:41.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:50:08.334Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
},
{
"name": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
}
],
"source": {
"advisory": "GHSA-xq3w-v528-46rv",
"discovery": "UNKNOWN"
},
"title": "Denial of Service attack on windows app using Netty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47535",
"datePublished": "2024-11-12T15:50:08.334Z",
"dateReserved": "2024-09-25T21:46:10.929Z",
"dateUpdated": "2024-11-13T20:44:41.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47535",
"date": "2026-07-05",
"epss": "0.00408",
"percentile": "0.32705"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.\"}, {\"lang\": \"es\", \"value\": \"Netty es un framework de trabajo de aplicaci\\u00f3n de red asincr\\u00f3nico controlado por eventos para el desarrollo r\\u00e1pido de servidores y clientes de protocolo de alto rendimiento y mantenibles. Una lectura no segura de un archivo de entorno podr\\u00eda provocar una denegaci\\u00f3n de servicio en Netty. Cuando se carga en una aplicaci\\u00f3n de Windows, Netty intenta cargar un archivo que no existe. Si un atacante crea un archivo tan grande, la aplicaci\\u00f3n Netty se bloquea. Esta vulnerabilidad se corrigi\\u00f3 en 4.1.115.\"}]",
"id": "CVE-2024-47535",
"lastModified": "2024-11-13T17:01:58.603",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-11-12T16:15:22.237",
"references": "[{\"url\": \"https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\", \"source\": \"security-advisories@github.com\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47535\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-11-12T16:15:22.237\",\"lastModified\":\"2026-06-17T07:57:15.547\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.\"},{\"lang\":\"es\",\"value\":\"Netty es un framework de trabajo de aplicaci\u00f3n de red asincr\u00f3nico controlado por eventos para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento y mantenibles. Una lectura no segura de un archivo de entorno podr\u00eda provocar una denegaci\u00f3n de servicio en Netty. Cuando se carga en una aplicaci\u00f3n de Windows, Netty intenta cargar un archivo que no existe. Si un atacante crea un archivo tan grande, la aplicaci\u00f3n Netty se bloquea. Esta vulnerabilidad se corrigi\u00f3 en 4.1.115.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"netty\",\"product\":\"netty\",\"versions\":[{\"version\":\"\u003c 4.1.115\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"netty\",\"product\":\"netty\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:netty:netty:-:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.1.115\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-11-13T20:43:58.714521Z\",\"id\":\"CVE-2024-47535\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.115\",\"matchCriteriaId\":\"8ACD5F9E-5E81-4D37-84EB-7BC68740A430\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47535\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T20:43:58.714521Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:netty:netty:-:*:*:*:*:*:*:*\"], \"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.1.115\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T20:44:36.110Z\"}}], \"cna\": {\"title\": \"Denial of Service attack on windows app using Netty\", \"source\": {\"advisory\": \"GHSA-xq3w-v528-46rv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.1.115\"}]}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3\", \"name\": \"https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-11-12T15:50:08.334Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47535\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T20:44:41.743Z\", \"dateReserved\": \"2024-09-25T21:46:10.929Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-11-12T15:50:08.334Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2025-0285
Vulnerability from csaf_certbund - Published: 2025-02-05 23:00 - Updated: 2026-06-16 22:00
Summary
Red Hat Enterprise Linux (Quarkus and Netty): Multiple Vulnerabilities
Severity
Medium
Notes
The BSI, as a provider, is responsible under general law for its own content that it makes available for use. Users are, however, responsible for carefully checking the use and/or implementation of the information provided with the content in each individual case.
Product description: Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.
Attack: An anonymous or local attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to manipulate files, disclose confidential information and cause a denial-of-service condition.
Affected operating systems: - UNIX
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM SPSS Analytic Server (IBM / SPSS) | cpe:/a:ibm:spss:analytic_server | Analytic Server | |
| IBM TXSeries Multiplatforms (IBM / TXSeries) | cpe:/a:ibm:txseries:for_multiplatforms | Multiplatforms | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Red Hat Enterprise Linux Apache Camel 4.8 for Quarkus <3.15 (Red Hat / Enterprise Linux) | | Apache Camel 4.8 for Quarkus <3.15 | |
| IBM Security Guardium 12 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:sqlguard_12.0p35_bundle_jan-28-2025 | 12 | |
| Hitachi Ops Center (Hitachi) | cpe:/a:hitachi:ops_center:- | — | |
| IBM SPSS Modeler (IBM / SPSS) | cpe:/a:ibm:spss:modeler | Modeler | |
| IBM Business Automation Workflow (IBM) | cpe:/a:ibm:business_automation_workflow:- | — | |
| IBM Sterling Connect:Direct <6.2.0.27 (IBM / Sterling Connect:Direct) | | <6.2.0.27 | |
| Red Hat Enterprise Linux Apache Camel 1 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:apache_camel_1 | Apache Camel 1 | |
| IBM InfoSphere Information Server 11.7 (IBM / InfoSphere Information Server) | cpe:/a:ibm:infosphere_information_server:11.7 | 11.7 | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| Red Hat Enterprise Linux Quarkus <3.15.3 (Red Hat / Enterprise Linux) | | Quarkus <3.15.3 | |
| IBM Operational Decision Manager <V8.11.0.1 Interim fix 042 (IBM / Operational Decision Manager) | | <V8.11.0.1 Interim fix 042 | |
| IBM Operational Decision Manager <V8.11.1.0: Interim fix 039 (IBM / Operational Decision Manager) | | <V8.11.1.0: Interim fix 039 | |
| IBM Operational Decision Manager <V8.12.0.1: Interim fix 024 (IBM / Operational Decision Manager) | | <V8.12.0.1: Interim fix 024 | |
| Red Hat JBoss A-MQ Streams 2 (Red Hat / JBoss A-MQ) | cpe:/a:redhat:jboss_amq:streams_2 | Streams 2 | |
| Red Hat Enterprise Linux Cryostat 4 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:cryostat_4 | Cryostat 4 | |
| IBM Sterling Connect:Direct <6.3.0.12 (IBM / Sterling Connect:Direct) | | <6.3.0.12 | |
| IBM Operational Decision Manager <V9.0.0.1: Interim fix 007 (IBM / Operational Decision Manager) | | <V9.0.0.1: Interim fix 007 | |
| Red Hat JBoss Enterprise Application Platform <7.4.21 (Red Hat / JBoss Enterprise Application Platform) | | <7.4.21 | |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM SPSS Analytic Server (IBM / SPSS) | cpe:/a:ibm:spss:analytic_server | Analytic Server | |
| IBM TXSeries Multiplatforms (IBM / TXSeries) | cpe:/a:ibm:txseries:for_multiplatforms | Multiplatforms | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| IBM Security Guardium 12 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:sqlguard_12.0p35_bundle_jan-28-2025 | 12 | |
| Hitachi Ops Center (Hitachi) | cpe:/a:hitachi:ops_center:- | — | |
| IBM SPSS Modeler (IBM / SPSS) | cpe:/a:ibm:spss:modeler | Modeler | |
| IBM Business Automation Workflow (IBM) | cpe:/a:ibm:business_automation_workflow:- | — | |
| IBM Sterling Connect:Direct <6.2.0.27 (IBM / Sterling Connect:Direct) | | <6.2.0.27 | |
| Red Hat Enterprise Linux Apache Camel 1 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:apache_camel_1 | Apache Camel 1 | |
| IBM InfoSphere Information Server 11.7 (IBM / InfoSphere Information Server) | cpe:/a:ibm:infosphere_information_server:11.7 | 11.7 | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| Red Hat Enterprise Linux Quarkus <3.15.3 (Red Hat / Enterprise Linux) | | Quarkus <3.15.3 | |
| IBM Operational Decision Manager <V8.11.0.1 Interim fix 042 (IBM / Operational Decision Manager) | | <V8.11.0.1 Interim fix 042 | |
| IBM Operational Decision Manager <V8.11.1.0: Interim fix 039 (IBM / Operational Decision Manager) | | <V8.11.1.0: Interim fix 039 | |
| IBM Operational Decision Manager <V8.12.0.1: Interim fix 024 (IBM / Operational Decision Manager) | | <V8.12.0.1: Interim fix 024 | |
| Red Hat JBoss A-MQ Streams 2 (Red Hat / JBoss A-MQ) | cpe:/a:redhat:jboss_amq:streams_2 | Streams 2 | |
| Red Hat Enterprise Linux Cryostat 4 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:cryostat_4 | Cryostat 4 | |
| IBM Sterling Connect:Direct <6.3.0.12 (IBM / Sterling Connect:Direct) | | <6.3.0.12 | |
| IBM Operational Decision Manager <V9.0.0.1: Interim fix 007 (IBM / Operational Decision Manager) | | <V9.0.0.1: Interim fix 007 | |
| Red Hat JBoss Enterprise Application Platform <7.4.21 (Red Hat / JBoss Enterprise Application Platform) | | <7.4.21 | |
References
27 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0285 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0285.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0285 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0285"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:0900"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1082"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2416 vom 2025-03-05",
"url": "https://access.redhat.com/errata/RHSA-2025:2416"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3018 vom 2025-03-19",
"url": "https://access.redhat.com/errata/RHSA-2025:3018"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3358 vom 2025-03-27",
"url": "https://access.redhat.com/errata/RHSA-2025:3358"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3357 vom 2025-03-27",
"url": "https://access.redhat.com/errata/RHSA-2025:3357"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7185400 vom 2025-03-29",
"url": "https://www.ibm.com/support/pages/node/7185400"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3465 vom 2025-04-01",
"url": "https://access.redhat.com/errata/RHSA-2025:3465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3467 vom 2025-04-01",
"url": "https://access.redhat.com/errata/RHSA-2025:3467"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229901 vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229901"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7231033 vom 2025-04-16",
"url": "https://www.ibm.com/support/pages/node/7231033"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7231945 vom 2025-04-28",
"url": "https://www.ibm.com/support/pages/node/7231945"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232032 vom 2025-04-29",
"url": "https://www.ibm.com/support/pages/node/7232032"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4548 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4548"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4552 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4550 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4549 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4549"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7234827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9922 vom 2025-06-30",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12511 vom 2025-08-03",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7241572 vom 2025-08-06",
"url": "https://www.ibm.com/support/pages/node/7241572"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-127 vom 2025-09-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-127/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248128"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276619 vom 2026-06-16",
"url": "https://www.ibm.com/support/pages/node/7276619"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Quarkus und Netty): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T08:40:00.724+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2025-0285",
"initial_release_date": "2025-02-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T043411",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV8.11.0.1 Interim fix 042",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.11.0.1 Interim fix 042",
"product_id": "T043174"
}
},
{
"category": "product_version",
"name": "V8.11.0.1 Interim fix 042",
"product": {
"name": "IBM Operational Decision Manager V8.11.0.1 Interim fix 042",
"product_id": "T043174-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.11.0.1_interim_fix_042"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV8.11.1.0: Interim fix 039",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.11.1.0: Interim fix 039",
"product_id": "T043175"
}
},
{
"category": "product_version",
"name": "V8.11.1.0: Interim fix 039",
"product": {
"name": "IBM Operational Decision Manager V8.11.1.0: Interim fix 039",
"product_id": "T043175-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.11.1.0_interim_fix_039"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV8.12.0.1: Interim fix 024",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.12.0.1: Interim fix 024",
"product_id": "T043176"
}
},
{
"category": "product_version",
"name": "V8.12.0.1: Interim fix 024",
"product": {
"name": "IBM Operational Decision Manager V8.12.0.1: Interim fix 024",
"product_id": "T043176-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.12.0.1_interim_fix_024"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV9.0.0.1: Interim fix 007",
"product": {
"name": "IBM Operational Decision Manager \u003cV9.0.0.1: Interim fix 007",
"product_id": "T043177"
}
},
{
"category": "product_version",
"name": "V9.0.0.1: Interim fix 007",
"product": {
"name": "IBM Operational Decision Manager V9.0.0.1: Interim fix 007",
"product_id": "T043177-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v9.0.0.1_interim_fix_007"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Analytic Server",
"product": {
"name": "IBM SPSS Analytic Server",
"product_id": "T011789",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:analytic_server"
}
}
},
{
"category": "product_version",
"name": "Modeler",
"product": {
"name": "IBM SPSS Modeler",
"product_id": "T018587",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:modeler"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "IBM Security Guardium 12",
"product_id": "T043916",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:sqlguard_12.0p35_bundle_jan-28-2025"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.0.12",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.3.0.12",
"product_id": "T042880"
}
},
{
"category": "product_version",
"name": "6.3.0.12",
"product": {
"name": "IBM Sterling Connect:Direct 6.3.0.12",
"product_id": "T042880-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.2.0.27",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.2.0.27",
"product_id": "T042883"
}
},
{
"category": "product_version",
"name": "6.2.0.27",
"product": {
"name": "IBM Sterling Connect:Direct 6.2.0.27",
"product_id": "T042883-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.2.0.27"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
},
{
"branches": [
{
"category": "product_version",
"name": "Multiplatforms",
"product": {
"name": "IBM TXSeries Multiplatforms",
"product_id": "T036617",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.15.3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.15.3",
"product_id": "T040876"
}
},
{
"category": "product_version",
"name": "Quarkus 3.15.3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.15.3",
"product_id": "T040876-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.15.3"
}
}
},
{
"category": "product_version_range",
"name": "Apache Camel 4.8 for Quarkus \u003c3.15",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 4.8 for Quarkus \u003c3.15",
"product_id": "T040877"
}
},
{
"category": "product_version",
"name": "Apache Camel 4.8 for Quarkus 3.15",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 4.8 for Quarkus 3.15",
"product_id": "T040877-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_4.8_for_quarkus__3.15"
}
}
},
{
"category": "product_version",
"name": "Cryostat 4",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 4",
"product_id": "T042011",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat_4"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Streams 2",
"product": {
"name": "Red Hat JBoss A-MQ Streams 2",
"product_id": "T041596",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:streams_2"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.21",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.21",
"product_id": "T042265"
}
},
{
"category": "product_version",
"name": "7.4.21",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.21",
"product_id": "T042265-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.21"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12397",
"product_status": {
"known_affected": [
"T011789",
"T036617",
"67646",
"T040877",
"T043916",
"T038840",
"T018587",
"T043411",
"T042883",
"T044468",
"444803",
"T021415",
"T040876",
"T043174",
"T043175",
"T043176",
"T041596",
"T042011",
"T042880",
"T043177",
"T042265"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2024-12397"
},
{
"cve": "CVE-2024-47535",
"product_status": {
"known_affected": [
"T011789",
"T036617",
"67646",
"T043916",
"T038840",
"T018587",
"T043411",
"T042883",
"T044468",
"444803",
"T021415",
"T040876",
"T043174",
"T043175",
"T043176",
"T041596",
"T042011",
"T042880",
"T043177",
"T042265"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2024-47535"
}
]
}
WID-SEC-W-2025-0938
Vulnerability from csaf_certbund - Published: 2025-05-05 22:00 - Updated: 2026-04-27 22:00
Summary
IBM DB2: Multiple vulnerabilities allow denial of service
Severity
Medium
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking the use and/or implementation of the information provided with the content in each individual case.
Product description: IBM DB2 is a relational database system (RDBS) from IBM.
Attack: A remote, authenticated, or local attacker can exploit multiple vulnerabilities in IBM DB2 to carry out a denial of service attack.
Affected operating systems:
- Linux
- UNIX
- Windows
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM License Metric Tool (IBM) | cpe:/a:ibm:license_metric_tool:- | — | |
| IBM DB2 Big SQL (IBM / DB2) | cpe:/a:ibm:db2:big_sql | Big SQL | |
| HCL Commerce (HCL) | cpe:/a:hcltechsw:commerce:- | — | |
| IBM Tivoli Key Lifecycle Manager (IBM) | cpe:/a:ibm:tivoli_key_lifecycle_manager:- | — | |
| IBM DB2 V11.5 <Special Build 55285 (IBM / DB2) | | V11.5 <Special Build 55285 | |
| IBM DB2 V12.1 <Special Build 54779 (IBM / DB2) | | V12.1 <Special Build 54779 | |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM License Metric Tool (IBM) | cpe:/a:ibm:license_metric_tool:- | — | |
| IBM DB2 Big SQL (IBM / DB2) | cpe:/a:ibm:db2:big_sql | Big SQL | |
| HCL Commerce (HCL) | cpe:/a:hcltechsw:commerce:- | — | |
| IBM Tivoli Key Lifecycle Manager (IBM) | cpe:/a:ibm:tivoli_key_lifecycle_manager:- | — | |
| IBM DB2 V11.5 <Special Build 55285 (IBM / DB2) | | V11.5 <Special Build 55285 | |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0938 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0938.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0938 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0938"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-05",
"url": "https://www.ibm.com/support/pages/node/7232515"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-05",
"url": "https://www.ibm.com/support/pages/node/7232518"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-05",
"url": "https://www.ibm.com/support/pages/node/7232528"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-05",
"url": "https://www.ibm.com/support/pages/node/7232529"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-05",
"url": "https://www.ibm.com/support/pages/node/7232531"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7237451 vom 2025-06-20",
"url": "https://www.ibm.com/support/pages/node/7237451"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-07-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122376"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7257888 vom 2026-01-23",
"url": "https://www.ibm.com/support/pages/node/7257888"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7270885 vom 2026-04-27",
"url": "https://www.ibm.com/support/pages/node/7270885"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-04-27T22:00:00.000+00:00",
"generator": {
"date": "2026-04-28T08:29:23.117+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-0938",
"initial_release_date": "2025-05-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019294",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Big SQL",
"product": {
"name": "IBM DB2 Big SQL",
"product_id": "T022379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:big_sql"
}
}
},
{
"category": "product_version_range",
"name": "V11.5 \u003cSpecial Build 55285",
"product": {
"name": "IBM DB2 V11.5 \u003cSpecial Build 55285",
"product_id": "T043350"
}
},
{
"category": "product_version",
"name": "V11.5 Special Build 55285",
"product": {
"name": "IBM DB2 V11.5 Special Build 55285",
"product_id": "T043350-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.5__special_build_55285"
}
}
},
{
"category": "product_version_range",
"name": "V12.1 \u003cSpecial Build 54779",
"product": {
"name": "IBM DB2 V12.1 \u003cSpecial Build 54779",
"product_id": "T043351"
}
},
{
"category": "product_version",
"name": "V12.1 Special Build 54779",
"product": {
"name": "IBM DB2 V12.1 Special Build 54779",
"product_id": "T043351-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v12.1__special_build_54779"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"category": "product_name",
"name": "IBM License Metric Tool",
"product": {
"name": "IBM License Metric Tool",
"product_id": "T016581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Key Lifecycle Manager",
"product": {
"name": "IBM Tivoli Key Lifecycle Manager",
"product_id": "T026238",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0915",
"product_status": {
"known_affected": [
"T016581",
"T022379",
"T019294",
"T026238",
"T043350",
"T043351"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-0915"
},
{
"cve": "CVE-2025-1000",
"product_status": {
"known_affected": [
"T016581",
"T022379",
"T019294",
"T026238",
"T043350",
"T043351"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-1000"
},
{
"cve": "CVE-2025-1493",
"product_status": {
"known_affected": [
"T016581",
"T022379",
"T019294",
"T026238",
"T043350",
"T043351"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-1493"
},
{
"cve": "CVE-2025-1992",
"product_status": {
"known_affected": [
"T016581",
"T022379",
"T019294",
"T026238",
"T043350",
"T043351"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-1992"
},
{
"cve": "CVE-2024-47535",
"product_status": {
"known_affected": [
"T016581",
"T022379",
"T019294",
"T026238",
"T043350"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2024-47535"
},
{
"cve": "CVE-2025-25193",
"product_status": {
"known_affected": [
"T016581",
"T022379",
"T019294",
"T026238",
"T043350"
]
},
"release_date": "2025-05-05T22:00:00.000+00:00",
"title": "CVE-2025-25193"
}
]
}
WID-SEC-W-2025-2662
Vulnerability from csaf_certbund - Published: 2025-11-23 23:00 - Updated: 2025-11-23 23:00
Summary
IBM Informix (Dynamic Server): Vulnerability allows denial of service
Severity
Medium
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking the use and/or implementation of the information provided with the content in each individual case.
Product description: IBM Informix is a database management system (DBMS) from IBM.
Attack: A local attacker can exploit a vulnerability in IBM Informix (Dynamic Server) to carry out a denial-of-service attack.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Informix <=Dynamic Server 12.10.x (IBM / Informix) | | <=Dynamic Server 12.10.x | |
| IBM Informix <=Dynamic Server 14.10 (IBM / Informix) | | <=Dynamic Server 14.10 | |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Informix ist ein Datenbankmanagementsystem (DBMS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in IBM Informix (Dynamic Server) ausnutzen, um einen Denial-of-Service-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2662 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2662.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2662 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2662"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252226 vom 2025-11-23",
"url": "https://www.ibm.com/support/pages/node/7252226"
}
],
"source_lang": "en-US",
"title": "IBM Informix (Dynamic Server): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-11-23T23:00:00.000+00:00",
"generator": {
"date": "2025-11-24T08:47:09.573+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2662",
"initial_release_date": "2025-11-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=Dynamic Server 14.10",
"product": {
"name": "IBM Informix \u003c=Dynamic Server 14.10",
"product_id": "T048841"
}
},
{
"category": "product_version",
"name": "= Dynamic Server 14.10",
"product": {
"name": "IBM Informix = Dynamic Server 14.10",
"product_id": "T048841-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:informix:dynamic_server_14.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=Dynamic Server 12.10.x",
"product": {
"name": "IBM Informix \u003c=Dynamic Server 12.10.x",
"product_id": "T048842"
}
},
{
"category": "product_version",
"name": "= Dynamic Server 12.10.x",
"product": {
"name": "IBM Informix = Dynamic Server 12.10.x",
"product_id": "T048842-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:informix:dynamic_server_12.10.x"
}
}
}
],
"category": "product_name",
"name": "Informix"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47535",
"product_status": {
"known_affected": [
"T048842",
"T048841"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2024-47535"
}
]
}
WID-SEC-W-2026-0254
Vulnerability from csaf_certbund - Published: 2026-01-28 23:00 - Updated: 2026-04-27 22:00
Summary
Apache Cassandra (Netty): Vulnerability allows denial of service
Severity
Medium
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking the use and/or implementation of the information provided with the content in each individual case.
Product description: Cassandra is a simple, distributed database management system for very large structured databases.
Attack: A local attacker can exploit a vulnerability in Apache Cassandra to carry out a denial of service attack.
Affected operating systems:
- Windows
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM License Metric Tool (IBM) | cpe:/a:ibm:license_metric_tool:- | — | |
| Apache Cassandra <4.1.11 (Apache / Cassandra) | | <4.1.11 | |
| Apache Cassandra <4.0.20 (Apache / Cassandra) | | <4.0.20 | |
| Apache Cassandra <5.1 (Apache / Cassandra) | | <5.1 | |
| Apache Cassandra <5.0.7 (Apache / Cassandra) | | <5.0.7 | |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Cassandra ist ein einfaches, verteiltes Datenbankverwaltungssystem f\u00fcr sehr gro\u00dfe strukturierte Datenbanken.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Apache Cassandra ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0254 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0254.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0254 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0254"
},
{
"category": "external",
"summary": "Apache Mailing List vom 2026-01-28",
"url": "https://lists.apache.org/thread/b4qp5c7tqry6o3mdlg4gtk9szw1nlcf4"
},
{
"category": "external",
"summary": "Cassandra issue vom 2026-01-28",
"url": "https://issues.apache.org/jira/browse/CASSANDRA-20152?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"
},
{
"category": "external",
"summary": "Commit Auf GitHub vom 2026-01-28",
"url": "https://github.com/apache/cassandra/commit/ec3b425c38d92d20d77d3a87c782ed9c072e1cd9"
},
{
"category": "external",
"summary": "PoC vom 2026-01-28",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7270885 vom 2026-04-27",
"url": "https://www.ibm.com/support/pages/node/7270885"
}
],
"source_lang": "en-US",
"title": "Apache Cassandra (Netty): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-04-27T22:00:00.000+00:00",
"generator": {
"date": "2026-04-28T08:30:23.687+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0254",
"initial_release_date": "2026-01-28T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.0.20",
"product": {
"name": "Apache Cassandra \u003c4.0.20",
"product_id": "T050410"
}
},
{
"category": "product_version",
"name": "4.0.20",
"product": {
"name": "Apache Cassandra 4.0.20",
"product_id": "T050410-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:cassandra:4.0.20"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.11",
"product": {
"name": "Apache Cassandra \u003c4.1.11",
"product_id": "T050411"
}
},
{
"category": "product_version",
"name": "4.1.11",
"product": {
"name": "Apache Cassandra 4.1.11",
"product_id": "T050411-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:cassandra:4.1.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.7",
"product": {
"name": "Apache Cassandra \u003c5.0.7",
"product_id": "T050412"
}
},
{
"category": "product_version",
"name": "5.0.7",
"product": {
"name": "Apache Cassandra 5.0.7",
"product_id": "T050412-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:cassandra:5.0.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.1",
"product": {
"name": "Apache Cassandra \u003c5.1",
"product_id": "T050413"
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Apache Cassandra 5.1",
"product_id": "T050413-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:cassandra:5.1"
}
}
}
],
"category": "product_name",
"name": "Cassandra"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM License Metric Tool",
"product": {
"name": "IBM License Metric Tool",
"product_id": "T016581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47535",
"product_status": {
"known_affected": [
"T016581",
"T050411",
"T050410",
"T050413",
"T050412"
]
},
"release_date": "2026-01-28T23:00:00.000+00:00",
"title": "CVE-2024-47535"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.